Bug 117913

Summary: nmap causes defunct, zombie spamd process
Product: [Retired] Red Hat Linux Reporter: Robert M. Riches Jr. <rm.riches>
Component: spamassassinAssignee: Warren Togami <wtogami>
Status: CLOSED WONTFIX QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 9   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-03 10:35:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert M. Riches Jr. 2004-03-09 22:59:47 UTC 
Description of problem:
Running 'nmap -sR localhost' causes a defunct zombie spamd process.

Version-Release number of selected component (if applicable):
spamassassin-2.44-11.8.x
nmap-3.00-4

How reproducible:
100%

Steps to Reproduce:
1. Fully updated RHL 9 installation with spamd enabled.
2. Do 'nmap -sR localhost' as any user.
3.
  
Actual results:
A defunct, zombie process is left behind.

Expected results:
There should not be a defunct, zombie process left behind.

Additional info:
There is some possibility this could be exploited in a DoS
attack, if an attacker could figure out how to cause many
zombies to pile up.  In my simple experience, not really
trying to do anything malicious, I have never seen multiple
zombies.  When a new one is created, the previous one somehow
disappears.

Oh, this might be related to bug 86029, but Bugzilla says I'm
not authorized to access it.

In case you're wondering why I run 'nmap -sR localhost', I
do this each Sunday to put something in /var/log/secure, so
that I could tell if something later in the week truncated
that file to zero length.
Comment 1 Warren Togami 2005-04-03 10:35:16 UTC 
closing due to inactivity and this is an ancient version.  If you still see this
problem with spamassassin-3.0.x, then you should report it to upstream bugzilla.