Bug 41799

Summary: X (Gnome) session abruptly terminated
Product: [Retired] Red Hat Linux Reporter: Paul Michael Reilly <pmr>
Component: XFree86Assignee: Mike A. Harris <mharris>
Status: CLOSED WONTFIX QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-02-09 09:05:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The X Server log (from /var/log/XFree86.0.log)
none
The XFree86 config file
none
Just noticed this in /var/log/messages. Note the gnome-name-server exiting.
none
Ignore last attachment content (didn't save the buffer) :-( none

Description Paul Michael Reilly 2001-05-22 08:29:39 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2smp i686; en-US; 0.8.1)
Gecko/20010425

Description of problem:
The currently logged in User is effectively logged out and the login screen
(Gnome) is presented.  This problem is sort of random and occurs when no
user is operating at the console, i.e. the problem is generally discovered
when returning to hack and finding that the session has been killed.  On
one occasion (just now) the problem occurred as I was browsing, more
specifically while halfway through reading a page on the screen.  I have
also heard this problem reported by a co-worker.

I have no clue on how to reproduce this problem.  Suggestions on capturing
information that may lead to reproducability will be gratefully received.

How reproducible:
Didn't try

Steps to Reproduce:
1.Install RHL 7.1
2.Login via Gnome login screen.
3.Wait days and days (~6-14)
4.Observe a fresh login screen even though no logout occurred.
	

Additional info:

I am aware of this problem occurring on RHL 6.2 as well as 7.1.

My system is a dual Xeon with a Viper V550 AGP graphics card.

No error messages or system log entries are generated.
Comment 1 Mike A. Harris 2001-05-22 19:34:58 UTC 
Need an X server log from you, and your config file.  Please attach each
separatly via the file attach link below.
Comment 2 Paul Michael Reilly 2001-05-23 17:48:46 UTC 
Created attachment 19430 [details]
The X Server log (from /var/log/XFree86.0.log)
Comment 3 Paul Michael Reilly 2001-05-23 17:51:18 UTC 
Created attachment 19431 [details]
The XFree86 config file
Comment 4 Paul Michael Reilly 2001-05-23 17:59:45 UTC 
Created attachment 19432 [details]
Just noticed this in /var/log/messages.  Note the gnome-name-server exiting.
Comment 5 Paul Michael Reilly 2001-05-23 18:01:12 UTC 
Created attachment 19433 [details]
Ignore last attachment content (didn't save the buffer) :-(
Comment 6 Mike A. Harris 2002-02-09 09:05:08 UTC 
The X server log you've shown is from XFree86 4.x, however your X config file
is an XFree86 3.3.6 config file.  You need to attach the XFree86 4.x config
file, which is XF86Config-4.

The /var/log/messages file you've attached shows the following:

May 22 03:17:07 hamm rpc.statd[529]: gethostbyname error for
^Xw?^Xw?^Yw?^Yw?^Zw?^Zw?^[w?^[w?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220

That is an attempt by someone to break into your machine using a remote
buffer overflow attack against the rpc.statd service.  They may or may
not have been successful at breaking in, however to ensure this type
of threat does not occur in the future, I _strongly_ urge you to run
the latest updated packages which Red Hat releases as security and bug
fixes to the distribution.  You can do this by using the "up2date"
command.  Also, you should disable any services running on your machine
that are not needed and/or not used during normal usage of the machine.
rpc.statd is used when using nfs for example, so if you do not use nfs,
be sure to disable all nfs related services.  It is also strongly
recommended to enable a firewall using firewall-config or some other
firewall configuration utility - which if configured properly could
block attacks like this one.

The crashes may or may not be linked to the attack attempt.

We have released many updates to Red Hat Linux since the report was
filed, including an update to XFree86.  If you haven't upgraded already,
please upgrade to XFree86-4.1.0-15 as well as any other errata updates
not already applied.

If this problem persists still, please update this bug report with
your current details, including the XF86Config-4 config file, and
also a new X server log.  If you do have a server crash, make sure you
do _not_ start up XFree86 again before copying the log file, as the
new X server log will have overwrote the prior logfile thus wiping
out any useful crash info.

Thanks.
Comment 7 Mike A. Harris 2002-05-30 06:28:10 UTC 
CLosing due to inactivity.  If the problem persists, please file a bug
report with XFree86 directly at xfree86, and carbon copy
xpert.