Package: snort
Version: 2.7.0-20
Severity: important

Snort segfaults some time after startup, as witnessed by syslog:

Oct 30 07:58:30 treize kernel: [2835892.216074] snort[7047]: segfault at c ip b7b66443 sp bf90d57c error 4 in libc-2.7.so[b7af0000+155000]
Oct 30 09:51:54 treize kernel: [2842695.784249] snort[13280]: segfault at 69 ip b7c2c41b sp bfed249c error 4 in libc-2.7.so[b7bb6000+155000]

I attached gdb to my snort instance on eth0 (internet); it segfaulted
after about 5 minutes.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b288c0 (LWP 14885)]
0xb7b9f443 in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7b9f443 in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb7b6c1ac in vfprintf () from /lib/i686/cmov/libc.so.6
#2  0xb7b903b4 in vsnprintf () from /lib/i686/cmov/libc.so.6
#3  0x08063194 in ?? ()
#4  0xbfa44213 in ?? ()
#5  0x00000400 in ?? ()
#6  0x080d0070 in ?? ()
#7  0xbfa44624 in ?? ()
#8  0x00000000 in ?? ()

This type of segfault has seemed to happen quite regularly since
October 27th. It looks like it happens more often when processing
BitTorrent traffic.

I upgraded snort on October 23rd:
[UPGRADE] snort 2.7.0-19 -> 2.7.0-20
[UPGRADE] snort-common 2.7.0-19 -> 2.7.0-20
[UPGRADE] snort-common-libraries 2.7.0-19 -> 2.7.0-20
[UPGRADE] snort-rules-default 2.7.0-19 -> 2.7.0-20

I don't remember this happening before.

I have no pcap trace.

I can search the logs, but I don't know what to look for. I can
investigate more if needed.

Thanks a lot for your help.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snort depends on:
ii  adduser                3.110             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.24            Debian configuration management sy
ii  libc6                  2.7-15            GNU C Library: Shared libraries
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26            2.4.2-1           the GNU TLS library - runtime libr
ii  libgpg-error0          1.4-2             library for common error values an
ii  libltdl3               1.5.26-4          A system independent dlopen wrappe
ii  libpcap0.8             0.9.8-5           system interface for user-level pa
ii  libpcre3               7.8-2             Perl 5 Compatible Regular Expressi
ii  libprelude2            0.9.18.1-1        Hybrid Intrusion Detection System 
ii  libtasn1-3             1.5-1             Manage ASN.1 structures (runtime)
ii  logrotate              3.7.1-5           Log rotation utility
ii  snort-common           2.7.0-20          flexible Network Intrusion Detecti
ii  snort-common-libraries 2.7.0-20          flexible Network Intrusion Detecti
ii  snort-rules-default    2.7.0-20          flexible Network Intrusion Detecti
ii  sysklogd [system-log-d 1.5-5             System Logging Daemon
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages snort recommends:
ii  iproute                       20080725-2 networking and traffic control too

Versions of packages snort suggests:
pn  snort-doc                     <none>     (no description available)

-- debconf information:
* snort/startup: boot
  snort/please_restart_manually:
* snort/stats_treshold: 1
* snort/address_range: any
* snort/options:
  snort/invalid_interface:
* snort/interface: eth0 eth1
* snort/stats_rcpt: root
* snort/send_stats: true
  snort/config_parameters:
* snort/config_error:
* snort/reverse_order: false
* snort/disable_promiscuous: false


