Security Incidents mailing list archives

Re: solaris nscd cores

From: mikeDOTd <mikedotd () nexthop net>
Date: Sat, 1 Dec 2001 14:57:38 -0500 (EST)

        I saw a number of nscd crashes thursday-friday on my sun.

        I have a full core, and initially I see this:

Core was generated by `/usr/sbin/nscd'.
Program terminated with signal 9, Killed.
#0  0xef7563d8 in ?? ()

        If I find anything else I'll post to the list.


--mikeDOTd
mikedotd () nexthop net
http://www.nexthop.net/~mikedotd

pub DH/DSS http://www.nexthop.net/~mikedotd/0xC8D39AC8.asc
Key fingerprint: 355D E9FA 2C25 93A9 877F  D9F3 6925 E0A9 C8D3 9AC8

On Fri, 30 Nov 2001, j.e.r.k. ROCKS wrote:


  Has anyone else seen core dumps from their Solaris nscd process
recently?  At 11:07 CST yesterday, two different Internet-facing
machines in my network saw their nscd processes dump core.  The file
system filled up in both cases, so I actually didn't get a full core
file.  GDB tells me:

Core was generated by `/usr/sbin/nscd'.
Program terminated with signal 9, Killed.
Cannot access memory at address 0xef7efdec.
#0  0xef7663d8 in ?? ()Cannot access memory at address 0xef7efdec.
(gdb) bt
#0  0xef7663d8 in ?? ()Cannot access memory at address 0xef7efdec.


I am running with patch 109339-01, which fixes a mysterious buffer
overflow bug in nscd (Sun released a proactive advisory back in
November 2000, along with this patch), but this definitely makes me
nervous.  Has anyone else encountered this issue?


__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: solaris nscd cores mikeDOTd (Dec 01)
- Re: solaris nscd cores Greg A. Woods (Dec 01)
  - Re: solaris nscd cores Fyodor (Dec 02)
- Re: solaris nscd cores j.e.r.k. ROCKS (Dec 04)
- Re: solaris nscd cores j.e.r.k. ROCKS (Dec 04)