[338] in Zephyr_Bugs
Core dump of zhm
daemon@ATHENA.MIT.EDU (epeisach@Athena.MIT.EDU)
Tue Jan 28 12:28:04 1992
From: epeisach@Athena.MIT.EDU
Date: Tue, 28 Jan 92 12:27:32 -0500
To: bug-dialup@Athena.MIT.EDU, bug-zephyr@Athena.MIT.EDU
Found on a vax dialup server that had been up for 47 days. The coredump
is 6.3Meg so I don't know if it is a memory leak or someone being
malicious. The core dump was from Monday 1pm.
Core dump found in:
/mit/coredumps/zhm.core.vax.dialup.921208
Crash dump looks as follows:
e40-008-11# adb /kangaroo/u1/public/zhm core.root
$c
_bcopy(0,7fffe0b0,400) from _ZReceivePacket+44
_ZReceivePacket(7fffe0b0,7fffe0ac,1356c) from ae9
_main(1,7fffe580,7fffe588) from start+3d
Running strings on the core dump indicates the following:
A large zephyrgram was being sent from one user to another.
The data appears to be multiple (>3) copies of the hosts file.
This appears to be a malicious act by the user in question - should
action be taken?
I suspect that the zephyr server may be ready to keel over as well.
Ezra