'Re: Nessus Destroying SunLink Service'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nessus-devel
Subject:    Re: Nessus Destroying SunLink Service
From:       fz ahmad <faizshuja () yahoo ! it>
Date:       2002-07-15 6:01:19
[Download RAW message or body]

Greetings,

I was just browsing list emails, found this email regarding SunLink Service. I had \
same problem with Sun 2.6 few days back. 

The solution for this problem is that you kill the associated process "fs" and then \
kill -9 inetd and start it again, But beware that you dont kill it if not on the \
system console or serial cable.

The problem came on 2.6 only not on 2.8.

Regards,
Faiz

Greetings, 
If anyone has seen problems similar to the following, we'd appreciate 
any feedback you can provide. 


We recently ran nessus against one of our subnets and promptly crashed 
several MQ-Series servers running SunLink. Although the nessus DoS 
plugins were turned OFF, the affected servers dropped LU6.2 sessions 
with their hosts and all open SunLink Controller Windows reported an 
endless succession of error messages until the systems were halted and 
the platforms rebooted. 

Subsequent lab testing confirmed that this happens every time nessus us 
run and indicates two plugins are causing the problems: 
find_services.nes and bind_zxfr_bug.nasl. Turning just these two 
plugins off eliminates the problem and turning ONLY these two on crashes 
SunLink every time nessus is run. Running the tool with only 
find_services.nes enabled produces the symptoms above. Using it with 
only the bind_zxfr_bug.nasl on still crashes the service but produces 
only a single "broken pipe" error message. In both cases, a complete 
system restart is necessary to get SunLink back up. 

Here are the details: 

Test Device: 
Dell Inspiron 7500 
RedHat Linux 6.2 

Server: 
Sun Ultra 
Solaris 2.6 
MQSeries v5.0 
Sunlink 9.1 

Tools: 
nessus 1.0.5 with plugins current as of 12/12/00 
nmap V. 2.54BETA5 
tcpdump 3.4 

SunLink Controller Window Error Messages: 

Dec 13 12:52:10 XXX71890 bsd-gw[1769]: Error reading from connection: 
Bad file number 
Dec 13 12:52:10 XXX71890 rsh[1772]: connection from bad port 
Dec 13 12:52:11 XXX71890 SunCPD: [Server SPARKY] XSVC000c : error on 
socket write in dis_sock_write. Broken pipe 
Dec 13 12:52:11 XXX71890 XSVC000c : error on socket write in 
dis_sock_write. Broken pipe 
Dec 13 12:52:11 XXX71890 inetd[1774]: execv /usr/openwin/bin/Xaserver: 
No such file or directory 
Dec 13 12:52:11 XXX71890 inetd[186]: /usr/openwin/bin/Xaserver: 
HangupDec 13 12:52:30 XXX71890 last message repeated 118 times 
Dec 13 12:52:30 XXX71890 rsh[1909]: connection from bad port 
Dec 13 12:52:30 XXX71890 inetd[186]: /usr/openwin/bin/Xaserver: Hangup 
Dec 13 12:52:33 XXX71890 last message repeated 16 times 
Dec 13 12:52:33 XXX71890 bsd-gw[1928]: Invalid protocol request (71): 
GGET / HTTP/1.0 
Dec 13 12:52:33 XXX71890 inetd[186]: /usr/openwin/bin/Xaserver: Hangup 
Dec 13 12:52:48 XXX71890 last message repeated 82 times 
Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] XSVC0011 : calloc 
failure - unable to allocate memory in dis_sock_read 
Dec 13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate 
memory in dis_sock_read 
Dec 13 12:52:49 XXX71890 XSVC0011 : callolast message repeated 11 times 
Dec 13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate 
memory in d 
Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] nable to allocate 
memory in dis_sock_read 
Dec 13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate 
memory in dis_sock_read 
Dec 13 12:52:49 XXX71890 XSVC0011 : callolast message repeated 12 times 
Dec 13 12:52:49 XXX71890 XSVC0011 : callo 
Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] is_sock_read 
Dec 13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate 
memory in dis_sock_read 
--More--(2%) 


We have advised Sun of the problem but would like to hear from others 
who might have some experience with it, has ideas regarding what might 
be causing it, or possible solutions. Any feedback would be greatly 
appreciated. 

Thanks, 
Exblue 



---------------------------------
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes


[Attachment #3 (text/html)]

<P><STRONG>Greetings,</STRONG></P>
<P><STRONG>I was just browsing list emails, found this email regarding SunLink \
Service. I had same problem with Sun 2.6 few days back. </STRONG></P> <P><STRONG>The \
solution for this problem is that&nbsp;you kill the associated process "fs" and then \
kill -9 inetd and start it again, But beware that you dont kill it if not on the \
system console or serial cable.</STRONG></P> <P><STRONG>The problem came on 2.6 only \
not on 2.8.</STRONG></P> <P><STRONG>Regards,<BR>Faiz</STRONG></P>
<P><EM>Greetings, <BR>If anyone has seen problems similar to the following, we'd \
appreciate <BR>any feedback you can provide. <BR></P></EM> <P><EM>We recently ran \
nessus against one of our subnets and promptly crashed <BR>several MQ-Series servers \
running SunLink. Although the nessus DoS <BR>plugins were turned OFF, the affected \
servers dropped LU6.2 sessions <BR>with their hosts and all open SunLink Controller \
Windows reported an <BR>endless succession of error messages until the systems were \
halted and <BR>the platforms rebooted. <BR></EM> <P><EM>Subsequent lab testing \
confirmed that this happens every time nessus us <BR>run and indicates two plugins \
are causing the problems: <BR>find_services.nes and bind_zxfr_bug.nasl. Turning just \
these two <BR>plugins off eliminates the problem and turning ONLY these two on \
crashes <BR>SunLink every time nessus is run. Running the tool with only \
<BR>find_services.nes enabled produces the symptoms above. Using it with <BR>only the \
bind_zxfr_bug.nasl on still crashes the service but produces <BR>only a single \
"broken pipe" error message. In both cases, a complete <BR>system restart is \
necessary to get SunLink back up. <BR></EM> <P><EM>Here are the details: <BR></EM>
<P><EM>Test Device: <BR>Dell Inspiron 7500 <BR>RedHat Linux 6.2 <BR></EM>
<P><EM>Server: <BR>Sun Ultra <BR>Solaris 2.6 <BR>MQSeries v5.0 <BR>Sunlink 9.1 \
<BR></EM> <P><EM>Tools: <BR>nessus 1.0.5 with plugins current as of 12/12/00 <BR>nmap \
V. 2.54BETA5 <BR>tcpdump 3.4 <BR></EM> <P><EM>SunLink Controller Window Error \
Messages: <BR></EM> <P><EM>Dec 13 12:52:10 XXX71890 bsd-gw[1769]: Error reading from \
connection: <BR>Bad file number <BR>Dec 13 12:52:10 XXX71890 rsh[1772]: connection \
from bad port <BR>Dec 13 12:52:11 XXX71890 SunCPD: [Server SPARKY] XSVC000c : error \
on <BR>socket write in dis_sock_write. Broken pipe <BR>Dec 13 12:52:11 XXX71890 \
XSVC000c : error on socket write in <BR>dis_sock_write. Broken pipe <BR>Dec 13 \
12:52:11 XXX71890 inetd[1774]: execv /usr/openwin/bin/Xaserver: <BR>No such file or \
directory <BR>Dec 13 12:52:11 XXX71890 inetd[186]: /usr/openwin/bin/Xaserver: \
<BR>HangupDec 13 12:52:30 XXX71890 last message repeated 118 times <BR>Dec 13 \
12:52:30 XXX71890 rsh[1909]: connection from bad port <BR>Dec 13 12:52:30 XXX71890 \
inetd[186]: /usr/openwin/bin/Xaserver: Hangup <BR>Dec 13 12:52:33 XXX71890 last \
message repeated 16 times <BR>Dec 13 12:52:33 XXX71890 bsd-gw[1928]: Invalid protocol \
request (71): <BR>GGET / HTTP/1.0 <BR>Dec 13 12:52:33 XXX71890 inetd[186]: \
/usr/openwin/bin/Xaserver: Hangup <  BR>Dec 13 12:52:48 XXX71890 last message \
repeated 82 times <BR>Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] XSVC0011 : \
calloc <BR>failure - unable to allocate memory in dis_sock_read <BR>Dec 13 12:52:49 \
XXX71890 XSVC0011 : calloc failure - unable to allocate <BR>memory in dis_sock_read \
<BR>Dec 13 12:52:49 XXX71890 XSVC0011 : callolast message repeated 11 times <BR>Dec \
13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate <BR>memory in d \
<BR>Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] nable to allocate <BR>memory \
in dis_sock_read <BR>Dec 13 12:52:49 XXX71890 XSVC0011 : calloc failure - unable to \
allocate <BR>memory in dis_sock_read <BR>Dec 13 12:52:49 XXX71890 XSVC0011 : \
callolast message repeated 12 times <BR>Dec 13 12:52:49 XXX71890 XSVC0011 : callo \
<BR>Dec 13 12:52:49 XXX71890 SunCPD: [System XXX71890] is_sock_read <BR>Dec 13 \
12:52:49 XXX71890 XSVC0011 : calloc failure - unable to allocate <BR>memory in \
dis_sock_read <BR>--More--(2%) <BR></EM> <P><EM></EM>
<P><EM>We have advised Sun of the problem but would like to hear from others <BR>who \
might have some experience with it, has ideas regarding what might <BR>be causing it, \
or possible solutions. Any feedback would be greatly <BR>appreciated. <BR></EM> \
<P><EM>Thanks, <BR>Exblue </EM></P><p><br><hr size=1><b>Do You Yahoo!?</b><br> <a \
href="http://autos.yahoo.com/">Yahoo! Autos</a> - Get free new car price quotes



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic