[Snort-users] GDB for Snort 1.9.0beta crashes on RH7.3 after 1 attack using mysql output

max valdez max at ...6164...
Mon Aug 5 17:52:01 EDT 2002


I'm getting more insight on the new beta. I can see the alerts in text,
but any time I try mysql, snort crashes at the first alert log. There are
no hints in /var/log/mysql or messages, no error at all; it only stops
working (disappears from ps).

I'm making a gdb trace, here it is:

----------------

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0beta1 (Build 180)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Program received signal SIGSEGV, Segmentation fault.
0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c
",%u",
    args=0xbfffee1c) at snprintf.c:114
114             DoprEnd[0] = 0;
(gdb) where
#0  0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192,
    fmt=0x808302c ",%u", args=0xbfffee1c) at snprintf.c:114
#1  0x08056c84 in snprintf (str=0x857ea08 ",1", count=8192,
    fmt=0x808302c ",%u") at snprintf.c:93
#2  0x0805f45d in Database (p=0xbfffefc0, msg=0x84d8250 "SHELLCODE x86
NOOP",
    arg=0x8174cb0, event=0x84d7fe0) at spo_database.c:880
#3  0x0805a0b6 in CallLogFuncs (p=0xbfffefc0,
    message=0x84d8250 "SHELLCODE x86 NOOP", head=0x80bf200,
event=0x84d7fe0)
    at detect.c:179
#4  0x0805ae80 in AlertAction (p=0xbfffefc0, otn=0x84d7ea0,
event=0x84d7fe0)
    at detect.c:1789
#5  0x0805a481 in EvalHeader (rtn_idx=0x8177598, p=0xbfffefc0,
check_ports=0)
    at detect.c:677
#6  0x0805a369 in EvalPacket (List=0x80bf200, mode=2, p=0xbfffefc0)
    at detect.c:523
#7  0x0805a268 in Detect (p=0xbfffefc0) at detect.c:311
#8  0x08059f4f in Preprocess (p=0xbfffefc0) at detect.c:86
#9  0x08055110 in ProcessPacket (user=0x0, pkthdr=0xbffff480,
pkt=0x8151d1a "")
    at snort.c:580
#10 0x080713ef in pcap_read_packet ()
#11 0x08072287 in pcap_loop ()
#12 0x080563df in InterfaceThread (arg=0x0) at snort.c:1612
#13 0x08054ffb in SnortMain (argc=5, argv=0xbffff674) at snort.c:514
#14 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) bt
#0  0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192,
    fmt=0x808302c ",%u", args=0xbfffee1c) at snprintf.c:114
#1  0x08056c84 in snprintf (str=0x857ea08 ",1", count=8192,
    fmt=0x808302c ",%u") at snprintf.c:93
#2  0x0805f45d in Database (p=0xbfffefc0, msg=0x84d8250 "SHELLCODE x86
NOOP",
    arg=0x8174cb0, event=0x84d7fe0) at spo_database.c:880
#3  0x0805a0b6 in CallLogFuncs (p=0xbfffefc0,
    message=0x84d8250 "SHELLCODE x86 NOOP", head=0x80bf200,
event=0x84d7fe0)
    at detect.c:179
#4  0x0805ae80 in AlertAction (p=0xbfffefc0, otn=0x84d7ea0,
event=0x84d7fe0)
    at detect.c:1789
#5  0x0805a481 in EvalHeader (rtn_idx=0x8177598, p=0xbfffefc0,
check_ports=0)
    at detect.c:677
#6  0x0805a369 in EvalPacket (List=0x80bf200, mode=2, p=0xbfffefc0)
    at detect.c:523
#7  0x0805a268 in Detect (p=0xbfffefc0) at detect.c:311
#8  0x08059f4f in Preprocess (p=0xbfffefc0) at detect.c:86
#9  0x08055110 in ProcessPacket (user=0x0, pkthdr=0xbffff480,
pkt=0x8151d1a "")
    at snort.c:580
#10 0x080713ef in pcap_read_packet ()
#11 0x08072287 in pcap_loop ()
#12 0x080563df in InterfaceThread (arg=0x0) at snort.c:1612
#13 0x08054ffb in SnortMain (argc=5, argv=0xbffff674) at snort.c:514
#14 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
---------------------------------.


-- 
-----BEGIN GEEK CODE BLOCK-----
GS/
d-s:a-C++ILIHA+++P-L++E--W++N+K-w++++O-M--V--PS+PEY+PGP-tXRtv++b+DI--D+Ge++h---r+++z+++
-----END GEEK CODE BLOCK-----




