Bug 1069632

Summary: Chkrootkit - "Stack Smashing"
Product: [Fedora] Fedora EPEL
Reporter: GV <rhel>
Component: chkrootkit
Assignee: manuel wolfshant <manuel.wolfshant>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: el6
CC: manuel.wolfshant
Hardware: All
OS: Linux
Fixed In Version: chkrootkit-0.49-3.el5
Doc Type: Bug Fix
Clone Of: 626067
Last Closed: 2014-03-17 05:58:59 UTC

Description GV 2014-02-25 12:39:36 UTC
I see bug #626067 (fedora 13) also in centos 6.

+++ This bug was initially created as a clone of Bug #626067 +++

Description of problem:

I'm not sure if this is a duplicate of bug 577979 (https://bugzilla.redhat.com/show_bug.cgi?id=577979), but just in case I detail it here...

Just upgraded from F11 to F13. Installed chkrootkit using yum. It installed chkrootkit-0.48-14.fc12.i686.

On each run of chkrootkit it declares:

Checking `chkutmp'... *** stack smashing detected ***: ./chkutmp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x8bbfcd]
/lib/libc.so.6[0x8bbf7a]
./chkutmp[0x8048b1a]
./chkutmp[0x8048b6c]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7dacc6]
./chkutmp[0x8048681]
/usr/lib/chkrootkit-0.48/chkrootkit: line 172: 18748 Aborted                 (core dumped) ./chkutmp


Version-Release number of selected component (if applicable):

chkrootkit-0.48-14.fc12.i686

How reproducible:
Every Time

Steps to Reproduce:
1. Install Fedora 13
2. Yum install chkrootkit
3. chkrootkit
  
Actual results:

See above

Expected results:


Additional info:

--- Additional comment from Jon Ciesla on 2010-08-23 11:01:57 EDT ---

0.49 is in koji for f14, and should work on f13.  Can you test and see if this fixes your issue?   If so I can build for f13 and push as an update.

Thanks!

http://koji.fedoraproject.org/koji/buildinfo?buildID=162682

--- Additional comment from Arthur Dent on 2010-08-23 14:52:41 EDT ---

Nope. Sorry. Same problem...

# yum remove chkrootkit

Erasing        : chkrootkit-0.48-14.fc12.i686
Removed:
  chkrootkit.i686 0:0.48-14.fc12                                                                                                                                

Complete!

# rpm -Uvh chkrootkit-0.49-1.fc14.i686.rpm 
Preparing...                ########################################### [100%]
   1:chkrootkit             ########################################### [100%]

# chkrootkit

...

Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... *** stack smashing detected ***: ./chkutmp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x8bbfcd]
/lib/libc.so.6[0x8bbf7a]
./chkutmp[0x8048b22]
./chkutmp[0x8048b6c]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7dacc6]
./chkutmp[0x8048681]
/usr/lib/chkrootkit-0.49/chkrootkit: line 195: 28971 Aborted                 (core dumped) ./chkutmp
Checking `OSX_RSPLUG'... not infected

--- Additional comment from Michael Schwendt on 2010-10-13 17:02:51 EDT ---

*Please* redirect the output of

  ps ax -o "tty,pid,ruser,args"

to a file and attach it.

--- Additional comment from Michael Schwendt on 2010-10-13 17:05:23 EDT ---

Please also run "debuginfo-install -y chkrootkit" as root user to complete the missing details in the backtrace. (I wonder why ABRT doesn't catch this crash?)

--- Additional comment from Arthur Dent on 2010-10-14 14:19:37 EDT ---



--- Additional comment from Arthur Dent on 2010-10-14 14:24:10 EDT ---

Well I ran the debug-info command which installed the following packages:
    glibc-debuginfo-2.12.1-2.i686
    yum-plugin-auto-update-debug-info-1.1.28-1.fc13.noarch

If this should have produced more detailed output from the cron job I'm not sure it worked. Here is the output from last night's run:

*** stack smashing detected ***: ./chkutmp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x426fdd]
/lib/libc.so.6(+0x389f8a)[0x426f8a]
./chkutmp[0x8048b22]
./chkutmp[0x8048b6c]
/lib/libc.so.6(__libc_start_main+0xe6)[0x345cc6]
./chkutmp[0x8048681]
/usr/lib/chkrootkit-0.49/chkrootkit: line 195: 18558 Aborted                 (core dumped) ./chkutmp

I have attached the output from the ps command which you can find in the previous comment.

Thanks for your help so far...

--- Additional comment from Michael Schwendt on 2010-10-14 15:30:30 EDT ---

Odd. For the chkrootkit-0.49 build from koji you would need the corresponding chkrootkit-debuginfo package, though. But perhaps whatever intercepts those crashes on your machine creates an incomplete backtrace. With the output from "ps" I could not reproduce a crash. Thank you for attaching it.


If you don't mind giving another package a try, here's a scratch-build for Fedora 13 i686 in koji,

   http://koji.fedoraproject.org/koji/taskinfo?taskID=2535549

it includes the fix for bug 577979 and corrects another problem. You may need to "rpm --oldpackage -Uvh ..." it because you've installed a .fc14 package before.

--- Additional comment from Arthur Dent on 2010-10-14 16:23:17 EDT ---

Well it's so long since I've had a working version I can't remember what the output should look like (!) The output seems a bit shorter than I remember - But with that version I no longer get the stack smashing!

Here's the start and end of the run (I can send the whole output if required). Does it look OK to you?

I think this is progress. Thank you so much!

# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
[Snip...]
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         1783 tty1   /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-mpm0uP/database -nolisten tcp vt1
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
#

--- Additional comment from Michael Schwendt on 2010-10-14 16:39:24 EDT ---

combined fixes for bug 577979 and bug 626067

--- Additional comment from Jon Ciesla on 2010-10-19 09:00:59 EDT ---

Thanks!  I'll get this out.

--- Additional comment from Fedora Update System on 2010-10-19 09:38:18 EDT ---

chkrootkit-0.49-2.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc13

--- Additional comment from Fedora Update System on 2010-10-19 09:38:29 EDT ---

chkrootkit-0.49-2.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc12

--- Additional comment from Fedora Update System on 2010-10-19 09:38:40 EDT ---

chkrootkit-0.49-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc14

--- Additional comment from Fedora Update System on 2010-10-19 23:09:27 EDT ---

chkrootkit-0.49-2.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update chkrootkit'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/chkrootkit-0.49-2.fc14

--- Additional comment from Fedora Update System on 2010-10-28 02:10:46 EDT ---

chkrootkit-0.49-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from Fedora Update System on 2010-10-28 18:19:04 EDT ---

chkrootkit-0.49-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from Fedora Update System on 2010-10-28 18:19:25 EDT ---

chkrootkit-0.49-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from Ian Forde on 2012-01-24 00:45:52 EST ---

RHEL5 chkrootkit from EPEL is still version 0.49-1 and appears to suffer from this problem, at least cosmetically.  Can this patch please be applied there too?

Comment 1 manuel wolfshant 2014-02-25 12:50:18 UTC
(In reply to Gabriel VLASIU from comment #0)
> I see bug #626067 (fedora 13) also in centos 6.

Hello

  I need a reproducer please. You are the first one reporting issues in the last 3.5 years


  wolfy

Comment 2 GV 2014-02-25 12:56:08 UTC
[root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp
*** stack smashing detected ***: /usr/lib64/chkrootkit-0.49/chkutmp terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x30a3f02827]
/lib64/libc.so.6(__fortify_fail+0x0)[0x30a3f027f0]
/usr/lib64/chkrootkit-0.49/chkutmp[0x400d80]
/usr/lib64/chkrootkit-0.49/chkutmp[0x400dd3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x30a3e1ed1d]
/usr/lib64/chkrootkit-0.49/chkutmp[0x4008a9]
Aborted

kernel 2.6.32-431.5.1.el6.x86_64

# rpm -q glibc
glibc-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.i686

Comment 3 manuel wolfshant 2014-02-25 13:19:00 UTC
[wolfy@wolfy chkrootkit]$ sudo  /usr/lib64/chkrootkit-0.49/chkutmp
 The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root        25192 tty7   /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/kdm/A:0-oidrU9
[wolfy@wolfy chkrootkit]$ rpm -q glibc
glibc-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.i686

I am still on 2.6.32-431.3.1.el6.x86_64. I will verify soon on the most recent kernel but I have a strong feeling that is not the culprit.


I really have no idea how to proceed from here. I am open to suggestions

Comment 4 GV 2014-02-25 13:29:02 UTC
I have several centos 6.5 systems (x86_64). Only one has this problem.
And I think I know why:

1. Start chkutmp (Lotus Notes stopped):
[root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp
 The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         2246 tty7   /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/kdm/A:0-iNMf19

2. Start Lotus Notes and run chkutmp again:
[root@gv ~]# /usr/lib64/chkrootkit-0.49/chkutmp
*** stack smashing detected ***: /usr/lib64/chkrootkit-0.49/chkutmp terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x30a3f02827]
/lib64/libc.so.6(__fortify_fail+0x0)[0x30a3f027f0]
/usr/lib64/chkrootkit-0.49/chkutmp[0x400d80]
/usr/lib64/chkrootkit-0.49/chkutmp[0x400dd3]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x30a3e1ed1d]
/usr/lib64/chkrootkit-0.49/chkutmp[0x4008a9]
Aborted

# ps auxww
....
gabriel  29135  4.8  1.0 232892 82296 ?        Ssl  15:25   0:01 /opt/ibm/lotus/notes/notes /authenticate
gabriel  29136  0.0  0.0  16420  2356 ?        S    15:25   0:00 nsdexec 29135 /home/gabriel/lotus/notes/data
gabriel  29142  0.0  0.0   3496   848 ?        S    15:25   0:00 sametime_idlemon 20 10
gabriel  29146 10.0  1.8 569092 145396 ?       Sl   15:25   0:02 /opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/linux/x86/notes2 --launcher.suppressErrors -nosplash -nl en_US -dir ltr -NPARAMS /authenticate -RPARAMS -name IBM Lotus Notes -personality com.ibm.rcp.platform.personality -product com.ibm.rcp.personality.framework.RCPProduct:com.ibm.notes.branding.notes -data /home/gabriel/lotus/notes/data/workspace -configuration /home/gabriel/lotus/notes/data/workspace/.config -plugincustomization /opt/ibm/lotus/notes/framework/rcp/plugin_customization.ini -vm /opt/ibm/lotus/notes/framework/../jvm/bin -startup /opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/launcher.jar -vmargs -Djava.security.policy=/opt/ibm/lotus/notes/framework/../java.policy -Dorg.eclipse.swt.fixCitrix=false -Dosgi.framework.extensions=com.ibm.rcp.core.logger.frameworkhook,com.ibm.rds,com.ibm.cds -Xscmx42m -Xshareclasses:name=xpdplat_%g.jvm,controlDir=/home/gabriel/lotus/notes/data/workspace/.config/org.eclipse.osgi,groupAccess,keep,singleJVM,nonfatal -Xgcpolicy:gencon -Xjit:noResumableTrapHandler -Xmaxt0.6 -Xmca8k -Xminf0.1 -Xmn7m -Xms48m -Xmx256m -Xnolinenumbers -Xverify:none -Xquickstart -Xscmaxaot12m -Xtrace:none -Xzero -Dcom.ibm.tools.attach.enable=no -Drcp.home=/opt/ibm/lotus/notes/framework -Drcp.data=/home/gabriel/lotus/notes/data/workspace -Dosgi.splashPath=platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl1,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl2,platform:/base/../../shared/eclipse/plugins/com.ibm.notes.branding.nl3 -Dcom.ibm.rcp.install.id=1386159366 -Drcp.install.config=multiuser -Declipse.registry.nulltoken=true -Dcom.ibm.pvc.webcontainer.useLocalAddress=true -Dautopd.logfile.generations=3 
-Dorg.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeAwareParserConfiguration -Dcom.ibm.pvc.webcontainer.http.address=localhost -Dosgi.nl.user=true -Dautopd.instance.area=/home/gabriel/lotus/notes/data/workspace/autopd -Dorg.eclipse.swt.browser.XULRunnerPath=/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.xulrunner.runtime.linux.x86_6.2.3.20110915-1350/xulrunner -Djava.util.logging.config.class=com.ibm.rcp.core.internal.logger.boot.LoggerConfig -Dcom.ibm.pvc.webcontainer.port=0,59449 -Dcom.ibm.pvc.webcontainer.vhost.configfile=/opt/ibm/lotus/notes/framework/shared/eclipse/plugins/com.ibm.collaboration.realtime.webapi_8.5.1.20110812-1126/virtualhost.properties -Dderby.stream.error.file=/home/gabriel/lotus/notes/data/workspace/logs/derby.log -Djava.security.properties=file:/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/rcp.security.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.www.protocol -Dosgi.hook.configurators.exclude=org.eclipse.core.runtime.internal.adaptor.EclipseLogHook -Drcp.osgi.install.area=/opt/ibm/lotus/notes/framework/rcp/eclipse -Xbootclasspath/a:/opt/ibm/lotus/notes/framework/shared/eclipse/plugins/com.ibm.collaboration.realtime.stjavatk_8.5.1.20110812-1126/sslite140-v3.16.jar:/opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.3.20110915-1350/rcpbootcp.jar

I guess the last process (pid 29146) is causing the segfault.

Comment 5 manuel wolfshant 2014-02-25 13:52:01 UTC
Hmm.. It could be that the environment gets smashed.. but that cmdline is only 3245 chars long.
What does xargs --show-limits come back with?

Comment 6 GV 2014-02-25 14:34:08 UTC
# xargs  --show-limits
Your environment variables take up 1947 bytes
POSIX upper limit on argument length (this system): 2617445
POSIX smallest allowable upper limit on argument length (all systems): 4096
Maximum length of command we could actually use: 2615498
Size of command buffer we are actually using: 131072

Comment 7 GV 2014-02-25 14:59:35 UTC
I just rebuilt chkrootkit-0.49-7.fc19 rpm (http://kojipkgs.fedoraproject.org//packages/chkrootkit/0.49/7.fc19/src/chkrootkit-0.49-7.fc19.src.rpm) and chkutmp does not crash anymore. It seems that chkrootkit-0.49-chkutmp-outofbounds.patch works fine on fedora and centos.
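
Added example (not part of this bug thread, not chkutmp's source and not the contents of chkrootkit-0.49-chkutmp-outofbounds.patch): a bounds-checked reader for rows in the `ps ax -o "tty,pid,ruser,args"` layout requested earlier in the thread, run over a constructed row whose args field is 3245 bytes, the length quoted in comment 5. It assumes the crash class is a long args field copied into a fixed-size stack buffer; the struct, function names and buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sizes for this example; they are not chkutmp's own. */
enum { FIELD_LEN = 32, ARGS_LEN = 256, READ_LEN = 1024 };

struct ps_rec {
    char tty[FIELD_LEN], user[FIELD_LEN], args[ARGS_LEN];
    long pid;
    int  truncated;              /* 1 when args did not fit and was cut */
};

/* Copy one blank-delimited token into dst, never past cap bytes; NULL if none. */
static const char *take_field(const char *p, char *dst, size_t cap)
{
    size_t n = 0;
    p += strspn(p, " \t");
    if (*p == '\0' || *p == '\n') return NULL;
    for (; *p && !strchr(" \t\n", *p); p++)
        if (n + 1 < cap) dst[n++] = *p;      /* excess bytes are dropped */
    dst[n] = '\0';
    return p;
}

/* Parse "tty pid ruser args..."; returns -1 for the header or a bad row. */
int parse_ps_line(const char *p, struct ps_rec *r)
{
    char pidbuf[16], *end;
    memset(r, 0, sizeof *r);
    if (!(p = take_field(p, r->tty, sizeof r->tty))) return -1;
    if (!(p = take_field(p, pidbuf, sizeof pidbuf))) return -1;
    r->pid = strtol(pidbuf, &end, 10);
    if (*end != '\0' || r->pid <= 0) return -1;
    if (!(p = take_field(p, r->user, sizeof r->user))) return -1;
    p += strspn(p, " \t");
    size_t len = strcspn(p, "\n");
    r->truncated = len >= sizeof r->args;
    if (r->truncated) len = sizeof r->args - 1;
    memcpy(r->args, p, len);                 /* len < ARGS_LEN here */
    r->args[len] = '\0';
    return 0;
}

/* A row longer than READ_LEN-1 bytes arrives as several fgets() chunks:
 * parse the first, skip the rest so they are not taken for new rows. */
int read_ps(FILE *fp, struct ps_rec *out, int max)
{
    char buf[READ_LEN];
    int n = 0, in_long_line = 0;
    while (n < max && fgets(buf, sizeof buf, fp)) {
        int complete = strchr(buf, '\n') != NULL || feof(fp);
        if (!in_long_line && parse_ps_line(buf, &out[n]) == 0)
            out[n++].truncated |= !complete;
        in_long_line = !complete;
    }
    return n;
}

/* Constructed input; the third line carries 3245 bytes of args. */
int demo(struct ps_rec *out, int max)
{
    FILE *fp = tmpfile();
    if (!fp) return -1;
    fputs("TT         PID RUSER    COMMAND\n"
          "tty7      2246 root     /usr/bin/X -nr -nolisten tcp :0 vt7\n"
          "?        29146 gabriel  ", fp);
    for (int i = 0; i < 3245; i++) fputc(i % 40 == 39 ? ' ' : 'a', fp);
    fputs("\n?        29142 gabriel  sametime_idlemon 20 10\n", fp);
    rewind(fp);
    int n = read_ps(fp, out, max);
    fclose(fp);
    return n;
}

int main(void) { static struct ps_rec r[8]; return demo(r, 8) == 3 ? 0 : 1; }
```

The long row is kept with its args cut to ARGS_LEN-1 bytes and flagged as truncated, and the row after it is still parsed as its own record.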

Comment 8 manuel wolfshant 2014-02-25 15:30:50 UTC
The patch is already included in CentOS 6.

Comment 9 GV 2014-02-25 15:47:01 UTC
Not really. CentOS 6 patch is 389 bytes. Fedora 19 patch is 2006 bytes. CentOS 6 patch is old and incomplete. Please check the two patch files. Thank you.

Comment 10 manuel wolfshant 2014-02-25 15:59:12 UTC
good catch, thanks

Comment 11 Fedora Update System 2014-02-25 22:18:30 UTC
chkrootkit-0.49-3.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el5

Comment 12 Fedora Update System 2014-02-25 22:18:46 UTC
chkrootkit-0.49-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el6

Comment 13 GV 2014-02-26 08:47:38 UTC
chkrootkit-0.49-3.el6 works fine. Thank you.

Comment 14 manuel wolfshant 2014-02-26 09:39:59 UTC
In this case please be as kind as to update its karma once it gets pushed to testing ( https://admin.fedoraproject.org/updates/chkrootkit-0.49-3.el6 )

Comment 15 GV 2014-02-27 17:17:52 UTC
Done.

Comment 16 Fedora Update System 2014-03-01 07:10:27 UTC
Package chkrootkit-0.49-3.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing chkrootkit-0.49-3.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0677/chkrootkit-0.49-3.el6
then log in and leave karma (feedback).

Comment 17 Fedora Update System 2014-03-17 05:58:59 UTC
chkrootkit-0.49-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2014-03-17 05:59:20 UTC
chkrootkit-0.49-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.