Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 23 replies
  • Subscribers 0 subscribers
  • Views 10658 views
  • Users 0 members are here
Options
Suggested

[9.080][BUG] Still a bug websec seg faults.

RFCat_vk_01
I can't find where I posted this issue, but I suspect it was in with another, but different seg fault report.


2013:03:29-09:19:07 cats-kingdom kernel: [ 2218.850827] websec-reporter[12062]: segfault at 3d0f00 ip 00000000f755f7f3 sp 00000000f645aa58 error 4 in libc-2.11.3.so[f74e8000+167000] 
Ian

This message only appears in one UTM which has VLANs and IPv6 sixxs tunnel.
The other UTM has native IPv6 over PPPoE doesn't show the kernel fault.
Parents
  • 0
    Hi guys. Can we get the http.log as well for the same time as the crash?
  • 0 in reply to Michael Dunn
    Hi Michael,
    web filter log extract from this morning


    2013:04:10-06:50:33 cats-kingdom httpproxy[11262]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="735" message="reloading config done, new version 75" 
    2013:04:10-06:50:41 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d50d8" url="www.astaro.org/.../html" application="http" 
    2013:04:10-06:50:43 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="167102" request="0x139fcc70" url="www.astaro.org/.../html" application="http" 

    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x139fcc70" url="www.astaro.org/.../vbulletin_important.css
    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x12f98e48" url="www.astaro.org/.../vbulletin_menu.js

    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d21d0" url="www.astaro.org/.../vbulletin_global.js
    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d2ad0" url="www.astaro.org/.../connection-min.js
    2013:04:10-06:50:45 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="2a01:348:229:cafe::feec" dstip="2404:6800:4006:801::1004" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="35" request="0x25118928" url="www.google-analytics.com/__utm.gif
    2013:04:10-06:50:45 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="2a01:348:229:cafe::feec" dstip="2404:6800:4006:801::1004" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="35" request="0x12eb6ae0" url="www.google-analytics.com/__utm.gif

    2013:04:10-06:48:26 cats-kingdom kernel: [126397.223184] websec-reporter[28543]: segfault at 3d0f00 ip 00000000f75187f3 sp 00000000f6413a58 error 4 in libc-2.11.3.so[f74a1000+167000] 

    2013:04:10-06:48:52 cats-kingdom kernel: [126423.396223] websec-reporter[28571]: segfault at 3d0f00 ip 00000000f75c37f3 sp 00000000f64bea58 error 4 in libc-2.11.3.so[f754c000+167000] 
    2013:04:10-06:48:54 cats-kingdom kernel: [126424.791546] websec-reporter[28612]: segfault at 3d0f00 ip 00000000f75a37f3 sp 00000000f649ea58 error 4 in libc-2.11.3.so[f752c000+167000] 
    2013:04:10-06:50:00 cats-kingdom kernel: [126491.228179] websec-reporter[28622]: segfault at 3d0f00 ip 00000000f753f7f3 sp 00000000f643aa58 error 4 in libc-2.11.3.so[f74c8000+167000] 
    2013:04:10-06:50:02 cats-kingdom kernel: [126493.398008] websec-reporter[28730]: segfault at 3d0f00 ip 00000000f75df7f3 sp 00000000f64daa58 error 4 in libc-2.11.3.so[f7568000+167000] 
    2013:04:10-06:50:45 cats-kingdom kernel: [126536.417180] websec-reporter[28755]: segfault at 3d0f00 ip 00000000f75487f3 sp 00000000f6443a58 error 4 in libc-2.11.3.so[f74d1000+167000] 

    Ian
Reply
  • 0 in reply to Michael Dunn
    Hi Michael,
    web filter log extract from this morning


    2013:04:10-06:50:33 cats-kingdom httpproxy[11262]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="735" message="reloading config done, new version 75" 
    2013:04:10-06:50:41 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d50d8" url="www.astaro.org/.../html" application="http" 
    2013:04:10-06:50:43 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="167102" request="0x139fcc70" url="www.astaro.org/.../html" application="http" 

    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x139fcc70" url="www.astaro.org/.../vbulletin_important.css
    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x12f98e48" url="www.astaro.org/.../vbulletin_menu.js

    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d21d0" url="www.astaro.org/.../vbulletin_global.js
    2013:04:10-06:50:44 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.123" dstip="85.115.22.9" user="" statuscode="304" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="0" request="0x137d2ad0" url="www.astaro.org/.../connection-min.js
    2013:04:10-06:50:45 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="2a01:348:229:cafe::feec" dstip="2404:6800:4006:801::1004" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="35" request="0x25118928" url="www.google-analytics.com/__utm.gif
    2013:04:10-06:50:45 cats-kingdom httpproxy[11262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="2a01:348:229:cafe::feec" dstip="2404:6800:4006:801::1004" user="" statuscode="200" cached="0" profile="REF_QdOMlAFULb (Open slather)" filteraction="REF_rzqhzuFvvA (all access)" size="35" request="0x12eb6ae0" url="www.google-analytics.com/__utm.gif

    2013:04:10-06:48:26 cats-kingdom kernel: [126397.223184] websec-reporter[28543]: segfault at 3d0f00 ip 00000000f75187f3 sp 00000000f6413a58 error 4 in libc-2.11.3.so[f74a1000+167000] 

    2013:04:10-06:48:52 cats-kingdom kernel: [126423.396223] websec-reporter[28571]: segfault at 3d0f00 ip 00000000f75c37f3 sp 00000000f64bea58 error 4 in libc-2.11.3.so[f754c000+167000] 
    2013:04:10-06:48:54 cats-kingdom kernel: [126424.791546] websec-reporter[28612]: segfault at 3d0f00 ip 00000000f75a37f3 sp 00000000f649ea58 error 4 in libc-2.11.3.so[f752c000+167000] 
    2013:04:10-06:50:00 cats-kingdom kernel: [126491.228179] websec-reporter[28622]: segfault at 3d0f00 ip 00000000f753f7f3 sp 00000000f643aa58 error 4 in libc-2.11.3.so[f74c8000+167000] 
    2013:04:10-06:50:02 cats-kingdom kernel: [126493.398008] websec-reporter[28730]: segfault at 3d0f00 ip 00000000f75df7f3 sp 00000000f64daa58 error 4 in libc-2.11.3.so[f7568000+167000] 
    2013:04:10-06:50:45 cats-kingdom kernel: [126536.417180] websec-reporter[28755]: segfault at 3d0f00 ip 00000000f75487f3 sp 00000000f6443a58 error 4 in libc-2.11.3.so[f74d1000+167000] 

    Ian
Children
No Data
Unfiltered HTML