Bug 41799
Summary: | X (Gnome) session abruptly terminated | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Paul Michael Reilly <pmr> |
Component: | XFree86 | Assignee: | Mike A. Harris <mharris> |
Status: | CLOSED WONTFIX | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2002-02-09 09:05:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Paul Michael Reilly
2001-05-22 08:29:39 UTC
Need an X server log from you, and your config file. Please attach each separatly via the file attach link below. Created attachment 19430 [details]
The X Server log (from /var/log/XFree86.0.log)
Created attachment 19431 [details]
The XFree86 config file
Created attachment 19432 [details]
Just noticed this in /var/log/messages. Note the gnome-name-server exiting.
Created attachment 19433 [details]
Ignore last attachment content (didn't save the buffer) :-(
The X server log you've shown is from XFree86 4.x, however your X config file is an XFree86 3.3.6 config file. You need to attach the XFree86 4.x config file, which is XF86Config-4. The /var/log/messages file you've attached shows the following: May 22 03:17:07 hamm rpc.statd[529]: gethostbyname error for ^Xw?^Xw?^Yw?^Yw?^Zw?^Zw?^[w?^[w?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 That is an attempt by someone to break into your machine using a remote buffer overflow attack against the rpc.statd service. They may or may not have been successful at breaking in, however to ensure this type of threat does not occur in the future, I _strongly_ urge you to run the latest updated packages which Red Hat releases as security and bug fixes to the distribution. You can do this by using the "up2date" command. Also, you should disable any services running on your machine that are not needed and/or not used during normal usage of the machine. rpc.statd is used when using nfs for example, so if you do not use nfs, be sure to disable all nfs related services. It is also strongly recommended to enable a firewall using firewall-config or some other firewall configuration utility - which if configured properly could block attacks like this one. The crashes may or may not be linked to the attack attempt. We have released many updates to Red Hat Linux since the report was filed, including an update to XFree86. If you haven't upgraded already, please upgrade to XFree86-4.1.0-15 as well as any other errata updates not already applied. If this problem persists still, please update this bug report with your current details, including the XF86Config-4 config file, and also a new X server log. If you do have a server crash, make sure you do _not_ start up XFree86 again before copying the log file, as the new X server log will have overwrote the prior logfile thus wiping out any useful crash info. Thanks. CLosing due to inactivity. If the problem persists, please file a bug report with XFree86 directly at xfree86, and carbon copy xpert. |