Re: [cobalt-security] proftpd-1.2.2rc1-C2 vulnerability?
- Subject: Re: [cobalt-security] proftpd-1.2.2rc1-C2 vulnerability?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 6 Jun 2001 21:30:33 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Bill,
> A number of things can cause a reboot that are not related to an
> intrusion.
Yes, of course.
> I have also seen instances where the
> server was running overloaded and was brought down to its knees by an
> overloaded system. Most likely it's an errant CGI script or too many
> complex CGIs running on your system for it to handle.
That was exactly what the globbing did with the old proftpd. It generated
100% CPU load and eventually the system rebooted after a couple of minutes.
So that's why I primarily wanted to know if proftpd-1.2.2rc1-C2 also is
vulnerable to this exploit. I suspect and hope the answer is "no", but I'm
not sure of that.
But I see your point that the spontaneous reboot in this case could have been
caused by other things as well.
> You can try
> checking your CPU load during busy and not so busy times by typing "top"
> at the command line. Watch what is happening and your cpu load, how much
> mem is being utilized during this time. If you are running out of
> memory, you may need to upgrade.
The CPU load so far has not been an issue, but I'll set up a cronjob which
will email me the results of "uptime" every couple of minutes to keep track
of it for a while.
> Another thing that would cause this problem is something I saw today.
> The admin at one site never checked his mail or didn't delete it off the
> server. The admin mail file swelled to a 348mb file!!!! Youch! Every time
> mail was sent to the acct or the admin checked it, it consumed 348mb
> memory to do its thing. If you are running a loaded server when that
> happens, it can cause all sorts of nastiness.
Now this is very interesting. I'll check the box for extra large mailboxes
and somehow I'm suspecting that this could be the case.
Thanks for your pointers, Bill.
--
Mit freundlichen Grüßen / Best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 ______ D-56244 Goddert ______ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM