Re: [CentOS] Cron Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Sep 02, 2006 at 04:25:34PM -0400, Matthew T. O'Connor wrote:
> Cron is sending me an email once per minute, the emails look like this:
> 
> Subject:
> Cron <root@host>  chown root:root /dev/shm/local/local5 && chmod 4755 
> /dev/shm/local/local5 && rm -rf /etc/cron.d/core && kill -USR1 7140
> 
> Body:
> chown: cannot access `/dev/shm/local/local5': No such file or directory
> 
> I've un-installed and reinstalled the vixie-cron packages, I have 
> verified that they are not corrupted by using rpm --verify vixie-cron, I 
> have checked all the crontabs on the system there aren't any running 
> every minute.
> 
> I don't understand why this is happening, anyone have any insight?

Someone is either trying or already managed to exploit your machine
using CVE-2006-2451.

Make sure you are using at least 2.6.9-34.0.2, where this issue was
fixed. Any version older than that is vulnerable, and you are in
deep trouble.

To manually remove the file that is triggering the cron message,
check for a file named core.XXXXX (where XXXXX is a number) inside
/etc/cron.d.


- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE+isvpdyWzQ5b5ckRAiLIAJ9EhJTWtifAhDv/kG9XjS45rkkWnwCfaed/
fTObM0OkYc5madKFiyTB+/E=
=qOLh
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux