BIND 8.2.2-P5 crash

Mark.Andrews at nominum.com
Wed Feb 7 22:20:34 UTC 2001


	Named killed itself.  See the abort() call in evDrop().
	Now as to how it got here, yes it could be a bungled attempt
	that caused memory to get overwritten.

	Mark.

> Hi All!
> 
> Please help me to investigate the named crashes that happened on two of my
> servers recently. The period between these crashes was about 30 minutes.
> 
> BIND version 8.2.2-P5 built for FreeBSD 3.3-RELEASE
> (I know about the recent BIND vulnerabilities and am now installing the new 8.2.3 version)
> 
> Were these crashes a consequence of any attack?
> 
> -------
> record from syslog:
> Feb  5 06:08:12 host /kernel: pid 135 (named), uid 0: exited on signal 6
> (core dumped)
> 
> #gdb -c named.core named
> 
> Core was generated by `named'.
> Program terminated with signal 6, Abort trap.
> Reading symbols from /usr/lib/libutil.so.2...done.
> Reading symbols from /usr/lib/libc.so.3...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0  0x281163d0 in kill () from /usr/lib/libc.so.3
> (gdb) where
> #0  0x281163d0 in kill () from /usr/lib/libc.so.3
> #1  0x2814a728 in abort () from /usr/lib/libc.so.3
> #2  0x8087b41 in __evDrop (opaqueCtx={opaque = 0xbfbfda64}, opaqueEv={
>       opaque = 0xbfbfdc90}) at eventlib.c:614
> #3  0x8087a45 in __evDispatch (opaqueCtx={opaque = 0x280e5801}, opaqueEv={
>       opaque = 0xbfbfdc34}) at eventlib.c:554
> -------
> 
> PS: I tried to search for an explanation of these data in the bind-users
> mailing list archive but I couldn't find one.
> 
> Thanks in advance
> Michael Kichanov
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
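
Added example (not part of the original thread and not BIND code): a small Python triage helper run over the syslog line and gdb backtrace quoted above. It reports whether the process stopped itself via abort() and which frame called it, which is where source reading should start. The names parse_frames and triage are made up for this illustration.

```python
import re

# Data as posted in the quoted message above (quote markers stripped).
SYSLOG = "Feb  5 06:08:12 host /kernel: pid 135 (named), uid 0: exited on signal 6"
BACKTRACE = """\
#0  0x281163d0 in kill () from /usr/lib/libc.so.3
#1  0x2814a728 in abort () from /usr/lib/libc.so.3
#2  0x8087b41 in __evDrop (opaqueCtx={opaque = 0xbfbfda64}, opaqueEv={
      opaque = 0xbfbfdc90}) at eventlib.c:614
#3  0x8087a45 in __evDispatch (opaqueCtx={opaque = 0x280e5801}, opaqueEv={
      opaque = 0xbfbfdc34}) at eventlib.c:554
"""

EXIT_RE = re.compile(r"pid (\d+) \((\S+)\), uid (\d+): exited on signal (\d+)")
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
SITE_RE = re.compile(r"\) at (\S+):(\d+)$")

def parse_frames(text):
    """Join gdb's wrapped lines, then return (function, file, line) per frame."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined:  # continuation of the previous frame
            joined[-1] += " " + line.strip()
    frames = []
    for raw in joined:
        m = FRAME_RE.match(raw)
        if m:
            site = SITE_RE.search(raw)
            frames.append((m.group(2), site.group(1) if site else None,
                           int(site.group(2)) if site else None))
    return frames

def triage(syslog_line, backtrace):
    """Classify the exit and name the frame whose source should be read first."""
    m = EXIT_RE.search(syslog_line)
    if not m:
        raise ValueError("not a kernel 'exited on signal' line")
    frames = parse_frames(backtrace)
    names = [f[0] for f in frames]
    # Signal 6 (SIGABRT) with abort() on the stack: the process stopped itself
    # at a check in abort()'s caller; any corrupting write happened earlier.
    if int(m.group(4)) == 6 and "abort" in names[:-1]:
        func, path, line = frames[names.index("abort") + 1]
        return {"process": m.group(2), "kind": "self-abort",
                "function": func, "file": path, "line": line}
    return {"process": m.group(2), "kind": "fault",
            "function": names[0] if names else None, "file": None, "line": None}

if __name__ == "__main__":
    print(triage(SYSLOG, BACKTRACE))
```

The result only locates the check that fired; it does not say what corrupted the state that the check rejected.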

