Package: snort-mysql
Version: 2.7.0-6
Severity: important

I'm using snort-mysql and every now and then snort just isn't running anymore. There is no entry in snort.log and I still have to run snort under strace(1) and see if it'll tell me why it exits, but I've run snort-mysql under valgrind and after 3 days it dumped core (it never dumped core before):

Invalid read of size 4
   at 0x80A9CE0: (within /usr/sbin/snort)
   by 0x80AAD7E: (within /usr/sbin/snort)
   by 0x8063C7D: (within /usr/sbin/snort)
   by 0x805EBFD: (within /usr/sbin/snort)
   by 0x805EDB2: (within /usr/sbin/snort)
   by 0x42A0BA3: (within /usr/lib/libpcap.so.0.9.8)
   by 0x42A0EF6: pcap_dispatch (in /usr/lib/libpcap.so.0.9.8)
   by 0x805BCE8: (within /usr/sbin/snort)
   by 0x805E158: (within /usr/sbin/snort)
   by 0x805EA21: (within /usr/sbin/snort)
   by 0x431C44F: (below main) (in /lib/i686/cmov/libc-2.7.so)
 Address 0x8 is not stack'd, malloc'd or (recently) free'd

Process terminating with default action of signal 11 (SIGSEGV): dumping core
 Access not within mapped region at address 0x8
   at 0x80A9CE0: (within /usr/sbin/snort)
   by 0x80AAD7E: (within /usr/sbin/snort)
   by 0x8063C7D: (within /usr/sbin/snort)
   by 0x805EBFD: (within /usr/sbin/snort)
   by 0x805EDB2: (within /usr/sbin/snort)
   by 0x42A0BA3: (within /usr/lib/libpcap.so.0.9.8)
   by 0x42A0EF6: pcap_dispatch (in /usr/lib/libpcap.so.0.9.8)
   by 0x805BCE8: (within /usr/sbin/snort)
   by 0x805E158: (within /usr/sbin/snort)
   by 0x805EA21: (within /usr/sbin/snort)
   by 0x431C44F: (below main) (in /lib/i686/cmov/libc-2.7.so)

ERROR SUMMARY: 102652 errors from 49 contexts (suppressed: 0 from 0)
malloc/free: in use at exit: 168,233,182 bytes in 526,689 blocks.
malloc/free: 5,227,901 allocs, 4,701,212 frees, 275,777,042 bytes allocated.
For counts of detected errors, rerun with: -v
searching for pointers to 526,689 not-freed blocks.
checked 174,012,052 bytes.
--------------

More details: http://nerdbynature.de/bits/snort

Can somebody make any sense of the log entries above? I still have the coredump (222MB, 16MB in bz2), I could upload it too if needed.

Thanks,
Christian.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-rc5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snort-mysql depends on:
ii  adduser                  3.105             add and remove users and groups
ii  debconf [debconf-2.0]    1.5.17            Debian configuration management sy
ii  libc6                    2.7-4             GNU C Library: Shared libraries
ii  libmysqlclient15off      5.0.45-3          MySQL database client library
ii  libpcap0.8               0.9.8-2           System interface for user-level pa
ii  libpcre3                 7.3-2             Perl 5 Compatible Regular Expressi
ii  logrotate                3.7.1-3           Log rotation utility
ii  snort-common             2.7.0-6           Flexible Network Intrusion Detecti
ii  snort-common-libraries   2.7.0-6           Flexible Network Intrusion Detecti
ii  snort-rules-default      2.7.0-6           Flexible Network Intrusion Detecti
ii  syslog-ng [system-log-d  2.0.5-3           Next generation logging daemon
ii  zlib1g                   1:1.2.3.3.dfsg-7  compression library - runtime

snort-mysql recommends no packages.

-- debconf information:
* snort-mysql/db_database: snort
* snort-mysql/options:
  snort-mysql/stats_treshold: 1
* snort-mysql/interface: eth2
* snort-mysql/db_host: 127.0.0.1
* snort-mysql/address_range: 192.168.10.0/24
* snort-mysql/reverse_order: false
  snort-mysql/please_restart_manually:
  snort-mysql/config_error:
* snort-mysql/configure_db: true
* snort-mysql/startup: boot
* snort-mysql/send_stats: false
* snort-mysql/needs_db_config:
  snort-mysql/stats_rcpt: root
* snort-mysql/db_user: snort
* snort-mysql/disable_promiscuous: false
  snort-mysql/config_parameters: