Re: Something's happening with named

From: Chris Faulhaber (jedgar@fxp.org)
Date: 03/29/01 

Date: Thu, 29 Mar 2001 08:12:08 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: Seorge <seorge@rostokgroup.com>

On Thu, Mar 29, 2001 at 03:07:55PM +0200, Seorge wrote:
> May be somebody knows what's going on?
>
> Not the first time I face the following problem:
> While everything seems to work properly: sendmail, apache and so on
> the following string is displayed and none of the local network or
> Internet requests is answered.
> Restarting named is the only way to get it back to life.
> What could be the cause of this thing: attack or misconfiguration?
>
> Mar 26 11:29:11 nameoftheunix-server /kernel: pid 115 (named), uid 0: exited on signal 10 (core dumped)
>
> This event repeats from approximately twice a month with no systematic
> rule.
>

What version of bind are you running. Have you upgraded since the bind
advisory was released in January?

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc

If you are running a vulnerable server, it is possible that someone is
trying to root you with an exploit meant for a different OS, causing bind
to crash. 

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • [Full-Disclosure] Sidewinder G2 Thanks and a question or two
    ... This was VERY disturbing. ... >other service protection is not vulnerable to the exploits against BIND ... >versions of BIND and Sendmail. ...
    (Full-Disclosure)
  • Re: tmux(1) in base
    ... every single FreeBSD installation in the world except those where the ... User surprise was not a sufficient reason not to remove Perl. ... Sendmail, ensuring that they are well integrated into our codebase, ... BIND and Sendmail. ...
    (freebsd-current)
  • Re: Newb questions
    ... I know BIND ... >> and sendmail are there but I keep hearing about potential security problems. ... to avoid qmail in favour of a postfix-based solution. ... It's also mostly unusable without different patches, ...
    (comp.unix.bsd.freebsd.misc)
  • How do I get sendmail working again
    ... Well, after following the instructions at the former link, sendmail will no ... daemon MTA: cannot bind: Address already in use ... whitbap# /etc/rc.d/sendmail start ...
    (freebsd-questions)
  • Re: replacing sendmail with qmail
    ... that Sendmail and bind and so on have their exploits.. ... Freedom of religion. ... To not have or change the different MTA by default in FreeBSD ...
    (freebsd-hackers)