Hi All,

> Multiple Vendors SSH Server Remote Buffer Overflow Vulnerability
> http://www.securityfocus.com/bid/17958

This is a _server_ side vulnerability, but what a coincidence!!!

You guys without Putty: Are you sure that there was _never_
any remote connection as root from any side?

Frank


> -----Original Message-----
> From: AOLserver Discussion 
> [mailto:[EMAIL PROTECTED] On Behalf Of CArole Lahaye
> Sent: Thursday, May 18, 2006 1:08 PM
> To: AOLSERVER@LISTSERV.AOL.COM
> Subject: [AOLSERVER] Trojaned Putty? [Was: Something wrong 
> after 2006-05-12 21:25]
> 
> 
> Hi All,
> 
> Funny stuff. Never seen in 15 years any server sucking up Gigs 
> of virtual memory after a certain date. Instead, my first bet is 
> that this is a new kind of virus/trojan/... 
> It must have something to do with Putty:
> 
> - I've restarted our AOLServer 3.3.1ad13 using the Linux
>   shell and there were no issues at all. 
> 
> - Now I've entered using Putty (0.5.6) and - what a surprise -
>   everything crashes now.
> 
> I could imagine that this is a new type of trojan that 
> exploits a vulnerability in Putty and uses it to inject code into a 
> Linux system that in turn infects another Putty.
> 
> And this injected code would modify the behaviour of pThreads 
> and kill our beloved AOLServer.
> 
> Could somebody try to confirm this? It's just a theory and
> I haven't found any proof yet, but it sounds more probable to 
> me than an AOLServer suddenly going wild.
> 
> Even if this theory should prove wrong - It might be a good 
> idea to watch out for such a kind of Trojan, don't you think?
> 
> Cheers,
> Frank
> 
> ---
> Frank Bergmann
> Dipl.-Ing., MBA
> Managing Director ]project-open[
> 
> Tel: +34 933 250 914
> Cell: +34 609 953 751
> Fax: +34 932 890 729
> mailto:[EMAIL PROTECTED]
> http://www.project-open.com/
> 
> 
> > -----Original Message-----
> > From: AOLserver Discussion
> > [mailto:[EMAIL PROTECTED] On Behalf Of Dossy Shiobara
> > Sent: Wednesday, May 17, 2006 10:35 PM
> > To: AOLSERVER@LISTSERV.AOL.COM
> > Subject: [AOLSERVER] Something wrong after 2006-05-12 21:25 
> > (was Re: Weird "memory leak" problem in AOLserver 3.4.2/3.x)
> > 
> > 
> > On 2006.05.17, Zachary Shaw <[EMAIL PROTECTED]> wrote:
> > > > We're experiencing a similar issue at Brandeis University, but we get
> > > > no error, our scheduled procs just hang. [...] we're running aolserver
> > > > 3.3.1 ad13 [...] if I set the system date to May 12th or earlier all
> > > > the procs will run.  Otherwise they run for a little then stop.
> > > 
> > > looking at the straces the difference appears to be in how the
> > > nanosleep is set for the pids.
> > > 
> > > before may 13th nanosleep was in the form
> > > [pid   614] nanosleep({0, 344780000},  <unfinished ...>
> > > 
> > > after the 12th there were nanosleeps in the form
> > > [pid   614] nanosleep({999999999, 934211000},  <unfinished ...>
> > 
> > Dave Siktberg seems to have narrowed it down to 2006-05-12 21:25.
> > 
> > What's interesting is I'm running AOLserver 4.0.10 on
> > x86/Linux 2.6.15.6 with glibc6 2.3.5 with no OpenACS and all 
> > my scheduled procs are firing just fine.
> > 
> > Can we get everyone who's experiencing this problem to provide a few
> > things:
> > 
> > 1) ns_info patchlevel
> > 2) uname -a
> > 3) glibc version
> > 
> > I'm betting this is an older Linux or LinuxThreads or glibc
> > problem.  I could be wrong, of course, but gathering this 
> > info will help to figure it out.
> > 
> > -- Dossy
> > 
> > -- 
> > Dossy Shiobara              | [EMAIL PROTECTED] | http://dossy.org/
> > Panoptic Computer Network   | http://panoptic.com/
> >   "He realized the fastest way to change is to laugh at your own
> >     folly -- then you can let go and quickly move on." (p. 70)
> > 
> > 
> > --
> > AOLserver - http://www.aolserver.com/
> > 
> > To Remove yourself from this list, simply send an email to
> > <[EMAIL PROTECTED]> with the body of "SIGNOFF 
> > AOLSERVER" in the email message. You can leave the Subject: 
> > field of your email blank.
> > 
> 
> 

