[Snort-devel] Snort SIGSEGV

gigzbyte at ...2499... gigzbyte at ...2499...
Mon May 25 09:17:56 EDT 2009


Greetings all!
I have SIGSEGV with Snort Version 2.8.4.1 GRE (Build 38) inline. Here is
some info.

System Architecture: amd64;
Operating System and version:  Linux 2.6.26 gentoo;
Snort version: 2.8.4.1 GRE (Build 38) inline;
Preprocessors:
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy first detect_anomalies
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
preprocessor stream5_tcp: policy first, use_static_footprint_sizes
preprocessor http_inspect: global \
preprocessor http_inspect_server: server default \
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor ftp_telnet: global \
preprocessor ftp_telnet_protocol: telnet \
preprocessor ftp_telnet_protocol: ftp server default \
preprocessor ftp_telnet_protocol: ftp client default \
preprocessor smtp: \
preprocessor sfportscan: proto  { all } \
preprocessor dcerpc2
preprocessor dcerpc2_server: default
preprocessor dns: \
preprocessor ssl: noinspect_encrypted, trustservers
Rules:
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/p2p.rules
Output plugins:
output alert_full: snort_inline-full
output alert_fast: snort_inline-fast
output database: log, postgresql, user=snort password=snort dbname=snort
host=localhost
CMD switches: -g snort -i any -l /var/log/snort -c /etc/snort/snort.conf
-p -Q -T
This is in my dmesg: snort[14093]: segfault at 0 ip 7fab4b5a0750 sp
7fff54d2b828 error 4 in libc-2.7.so[7fab4b528000+13e000]
This is the output from gdb after 'run':
<skipped>
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f2ddeb436f0 (LWP 14394)]
0x00007f2ddd4d9750 in strcasecmp () from /lib/libc.so.6
And backtrace:
#0  0x00007f2ddd4d9750 in strcasecmp () from /lib/libc.so.6
#1  0x00000000004236d4 in ?? ()
#2  0x00000000004237c0 in ?? ()
#3  0x0000000000423e8e in ?? ()
#4  0x00000000004137c2 in ?? ()
#5  0x000000000041614e in ?? ()
#6  0x00000000004152d1 in ?? ()
#7  0x00000000004160b6 in ?? ()
#8  0x00000000004152d1 in ?? ()
#9  0x000000000041c91a in ?? ()
#10 0x00007f2ddd47f1f4 in __libc_start_main () from /lib/libc.so.6
#11 0x0000000000404539 in ?? ()
#12 0x00007fffe6c64e88 in ?? ()
#13 0x0000000000000000 in ?? ()
any help would be appreciated!
-------------------------------------
Dmitriy Loktev
Gigzbyte Security Group








More information about the Snort-devel mailing list