This is the mail archive of the cygwin mailing list for the Cygwin project.


RE: Potential bug in sshd


On 12 September 2006 15:43, Michael Sowka wrote:


> ! One thing I did notice as I was looking for logs to send in to the
> list is that in the System Events log recently I've had a barrage
> of attempted break-ins via ssh (failed logins as root, admin, etc.). I
> trust that OpenSSH is pretty solid, have experienced this before, and
> don't make too much of it... but could this have melted my system?!

  Very very unlikely.  The failed logins are simple crude automated
bruteforcing worms out there; they've got a list of common passwords and a
list of common usernames and they try every combination.  If your password
isn't something fairly obvious, you'll be fine.

> Finding useful info was easy enough (/var/log/ssh), here is an
> excerpt. Speculation: this does seem to support the symptoms I'm
> having (dropped connections from "worker" threads, no response, etc.).
> I don't "read" Win32 logs but I have a hunch someone can ID this
> problem on the spot.
> 
>   4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
>      2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
>     error 0 59 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 3757715 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 24253452 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487

  Did you try rebaseall yet?  These are basically the standard cygwin errors
that you get when something is causing the process memory space of a child
process to not match the layout of the parent process's address space.

> HAS MY SYSTEM BEEN COMPROMISED?!

  Not the slightest reason to believe so from anything you've described so far.
Don't panic!

  BTW, if you have a Logitech webcam, now would be a good time to disable the
associated "Logitech Process Monitor" service.  Or is there anything else by
the way of hardware/software that you've installed just recently?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
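
An added triage example (not part of the original message, nor Cygwin code): it parses the quoted sshd log excerpt, mail wrapping included, and reports whether the records are the fork-time `child_copy` / `recreate_mmaps_after_fork_failed` errors the reply describes. The function names and summary fields are assumptions of this sketch; Win32 error 487 is `ERROR_INVALID_ADDRESS`.

```python
import re
from collections import Counter

# Constructed sample: the excerpt quoted in the message, "> " quoting and mail
# wrapping kept, with the last repeated child_copy record left out.
SAMPLE = r"""
>   4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
>      2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
>     error 0 59 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 3757715 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
"""

# A record starts at "<timestamp> [main] sshd <pid> " and runs to the next one.
RECORD = re.compile(r"(?<!\d)(\d+) \[main\] sshd (\d+) (.*?)(?=(?<!\d)\d+ \[main\] |$)")
RANGE = re.compile(r"(0x[0-9A-Fa-f]+)\.\.(0x[0-9A-Fa-f]+)")
WIN32 = re.compile(r"Win32 error (\d+)")
KINDS = {"recreate_mmaps_after_fork_failed": "mmap_recreate",
         "child_info::sync": "child_sync", "child_copy": "child_copy"}

def parse(text):
    """Undo mail quoting and wrapping, then return one dict per log record."""
    flat = " ".join(" ".join(l.lstrip("> ") for l in text.splitlines()).split())
    out = []
    for m in RECORD.finditer(flat):
        body = m.group(3).strip()
        kind = next((v for k, v in KINDS.items() if k in body), "other")
        err, rng = WIN32.search(body), RANGE.search(body)
        out.append({"pid": int(m.group(2)), "kind": kind,
                    "win32": int(err.group(1)) if err else None,
                    "range": rng.groups() if rng else None})
    return out

def triage(records):
    """Summarise whether the records are fork address-space copy failures."""
    kinds = Counter(r["kind"] for r in records)
    # 487 = ERROR_INVALID_ADDRESS ("Attempt to access invalid address").
    bad_copy = [r for r in records if r["kind"] == "child_copy" and r["win32"] == 487]
    return {"kinds": dict(kinds),
            "ranges": sorted({r["range"] for r in bad_copy if r["range"]}),
            "fork_layout_mismatch": bool(bad_copy) or kinds["mmap_recreate"] > 0,
            "unclassified": kinds["other"]}

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

A non-zero `unclassified` count means the log holds lines this sketch does not recognise, which are the ones worth reading by hand.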

