LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-11-2016, 04:33 PM   #1
scarf
LQ Newbie
 
Registered: Sep 2011
Posts: 11

Rep: Reputation: Disabled
Help deciphering/decoding/debugging abrt report


I received the following notice from my abrt daemon, about a crash. I'm not sure if my question belongs in the security forum, but it seems the file that crashed was gam_server, a file modification monitoring daemon, and VNC seems to be involved too, which i see another user has recently posted about... I know VNC is prone to security holes and attacks... our particular server is only accessible through a VPN but the VPN has potentially thousands of other users within the organization, so at a minimum it is vulnerable to local attacks. Anyway what do you think of this report? I tried to scrub private information out that doesn't seem necessary to publish... Thanks


Code:
abrt_version:   2.0.8
cgroup:         
cmdline:        /usr/libexec/gam_server
event_log:      
executable:     /usr/libexec/gam_server
hostname:       [private]
kernel:         2.6.32-573.18.1.el6.x86_64
last_occurrence: [private]
machineid:      [private]
pid:            18112
pkg_arch:       x86_64
pkg_epoch:      0
pkg_fingerprint: [private]
pkg_name:       gamin
pkg_release:    9.el6
pkg_vendor:     Red Hat, Inc.
pkg_version:    0.1.10
pwd:            [private]
time:           Sat 11 Jun 2016 12:53:54 PM MST
uid:            1089
username:       [private]

sosreport.tar.xz: Binary file, 1936412 bytes

core_backtrace:
:{   "signal": 11
:,   "executable": "/usr/libexec/gam_server"
:,   "stacktrace":
:      [ {   "crash_thread": true
:        ,   "frames":
:              [ {   "address": 246571071690
:                ,   "build_id": "24d3ab3db0f38c7515feadf82191651da4117a18"
:                ,   "build_id_offset": 522442
:                ,   "function_name": "__strcmp_sse2"
:                ,   "file_name": "/lib64/libc.so.6"
:                }
:              , {   "address": 4208267
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 13963
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4211020
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 16716
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4238837
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 44533
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4244802
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 50498
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 4241365
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 47061
:                ,   "file_name": "/usr/libexec/gam_server"
:                }
:              , {   "address": 246600175755
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 266379
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600173122
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 263746
:                ,   "function_name": "g_main_context_dispatch"
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600191128
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 281752
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 246600192421
:                ,   "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
:                ,   "build_id_offset": 283045
:                ,   "function_name": "g_main_loop_run"
:                ,   "file_name": "/lib64/libglib-2.0.so.0"
:                }
:              , {   "address": 4212838
:                ,   "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
:                ,   "build_id_offset": 18534
:                ,   "file_name": "/usr/libexec/gam_server"
:                } ]
:        } ]
:}

dso_list:
:/lib64/ld-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libnss_ldap.so.2 nss-pam-ldapd-0.7.5-32.el6.x86_64 (Red Hat, Inc.) 1463016566
:/usr/lib64/gconv/gconv-modules.cache glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/librt-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/usr/libexec/gam_server gamin-0.1.10-9.el6.x86_64 (Red Hat, Inc.) 1316803441
:/lib64/libnss_files-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libc-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libglib-2.0.so.0.2800.8 glib2-2.28.8-5.el6.x86_64 (Red Hat, Inc.) 1463017960
:/lib64/libpthread-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140

environ:
:REMOTEHOST=[private]
:MANPATH=[private]
:'VNCDESKTOP=[private]:1 ([private])'
:SSH_AGENT_PID=[private]
:HOSTNAME=[private]
:FPCHELP=[private]
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:SHELL=/bin/tcsh
:HOST=[private]
:TERM=xterm
:XDG_SESSION_COOKIE=[private]
:'SSH_CLIENT=[private] 61184 22'
:PERL5LIB=[private]
:SYSFONT=latarcyrheb-sun16
:QTDIR=/usr/lib64/qt-3.3
:QTINC=/usr/lib64/qt-3.3/include
:SSH_TTY=/dev/pts/2
:IMSETTINGS_MODULE=none
:USER=[private]
:GROUP=seq
:LS_COLORS=rs=0:di=01;30:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
:MPICH_USE_SHLIB=yes
:PHRED_PARAMETER_FILE=[private]
:SSH_AUTH_SOCK=/tmp/keyring-[private]/socket.ssh
:HOSTTYPE=x86_64-linux
:RIGDIR=/usr/local/rig
:PATH=[private]
:MAIL=/var/spool/mail/[private]
:QT_IM_MODULE=xim
:PWD=[private]
:XMODIFIERS=@im=none
:EDITOR=vi
:LANG=en_US.UTF-8
:KDE_IS_PRELINKED=1
:KDEDIRS=/usr
:FPCTOP_DIR=/home/fpc
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:HOME=[private]
:SHLVL=2
:OSTYPE=linux
:CONSED_HOME=[private]
:VENDOR=unknown
:LOGNAME=[private]
:MACHTYPE=x86_64
:CVS_RSH=ssh
:QTLIB=/usr/lib64/qt-3.3/lib
:'SSH_CONNECTION=[private] 61184 [private] 22'
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-[private],guid=[private]
:ZOE=/opt/snap
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:IMTOP_DIR=/home/imdata
:DISPLAY=:1
:GTK_IM_MODULE=gtk-im-context-simple
:G_BROKEN_FILENAMES=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/18031,unix/unix:/tmp/.ICE-unix/18031
:ORBIT_SOCKETDIR=/tmp/orbit-[private]
:GTK_RC_FILES=[private]
:GNOME_KEYRING_SOCKET=/tmp/keyring-[private]/socket
:GAM_CLIENT_ID=

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            10485760             unlimited            bytes     
:Max core file size        unlimited            unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             1024                 128056               processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       128056               128056               signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

maps:
:00400000-00416000 r-xp 00000000 fd:00 2118414                            /usr/libexec/gam_server
:00615000-00617000 rw-p 00015000 fd:00 2118414                            /usr/libexec/gam_server
:01bb5000-01bfc000 rw-p 00000000 00:00 0                                  [heap]
:3968800000-3968820000 r-xp 00000000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a1f000-3968a21000 r--p 0001f000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a21000-3968a22000 rw-p 00021000 fd:00 1048920                        /lib64/ld-2.12.so
:3968a22000-3968a23000 rw-p 00000000 00:00 0 
:3968c00000-3968d8a000 r-xp 00000000 fd:00 1048921                        /lib64/libc-2.12.so
:3968d8a000-3968f8a000 ---p 0018a000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f8a000-3968f8e000 r--p 0018a000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f8e000-3968f90000 rw-p 0018e000 fd:00 1048921                        /lib64/libc-2.12.so
:3968f90000-3968f94000 rw-p 00000000 00:00 0 
:3969400000-3969417000 r-xp 00000000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969417000-3969617000 ---p 00017000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969617000-3969618000 r--p 00017000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969618000-3969619000 rw-p 00018000 fd:00 1048931                        /lib64/libpthread-2.12.so
:3969619000-396961d000 rw-p 00000000 00:00 0 
:3969c00000-3969c07000 r-xp 00000000 fd:00 1048950                        /lib64/librt-2.12.so
:3969c07000-3969e06000 ---p 00007000 fd:00 1048950                        /lib64/librt-2.12.so
:3969e06000-3969e07000 r--p 00006000 fd:00 1048950                        /lib64/librt-2.12.so
:3969e07000-3969e08000 rw-p 00007000 fd:00 1048950                        /lib64/librt-2.12.so
:396a800000-396a915000 r-xp 00000000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396a915000-396ab15000 ---p 00115000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396ab15000-396ab16000 rw-p 00115000 fd:00 1048952                        /lib64/libglib-2.0.so.0.2800.8
:396ab16000-396ab17000 rw-p 00000000 00:00 0 
:7f317a1a0000-7f317a1ab000 r-xp 00000000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a1ab000-7f317a3aa000 ---p 0000b000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a3aa000-7f317a3ab000 rw-p 0000a000 fd:00 1048662                    /lib64/libnss_ldap.so.2
:7f317a3ab000-7f317a3b8000 r-xp 00000000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a3b8000-7f317a5b7000 ---p 0000d000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b7000-7f317a5b8000 r--p 0000c000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b8000-7f317a5b9000 rw-p 0000d000 fd:00 1048873                    /lib64/libnss_files-2.12.so
:7f317a5b9000-7f317a5bd000 rw-p 00000000 00:00 0 
:7f317a5ce000-7f317a5d5000 r--s 00000000 fd:00 2098436                    /usr/lib64/gconv/gconv-modules.cache
:7f317a5d5000-7f317a5d6000 rw-p 00000000 00:00 0 
:7ffc1ef2c000-7ffc1ef41000 rw-p 00000000 00:00 0                          [stack]
:7ffc1ef69000-7ffc1ef6a000 r-xp 00000000 00:00 0                          [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

open_fds:
:0:/dev/null
:pos:	0
:flags:	0100000
:1:/dev/null
:pos:	0
:flags:	0100001
:2:/dev/null
:pos:	0
:flags:	0100001
:3:inotify
:pos:	0
:flags:	04000
:4:socket:[3218055]
:pos:	0
:flags:	02
:5:pipe:[3218056]
:pos:	0
:flags:	04000
:6:pipe:[3218056]
:pos:	0
:flags:	04001
:7:socket:[3218074]
:pos:	0
:flags:	02
:8:socket:[3218181]
:pos:	0
:flags:	02
:9:socket:[3218496]
:pos:	0
:flags:	02
:10:socket:[3219764]
:pos:	0
:flags:	02

var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]
.
 
Old 06-12-2016, 09:04 PM   #2
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: SATX
Distribution: RHEL/CentOS
Posts: 1,298
Blog Entries: 4

Rep: Reputation: 148Reputation: 148
This looks like an SOSREPORT for Red hat GSS troubleshooting. Wondering if you have shared this with them?

Possible clue here:

Code:
var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]
There is probably a core dump file under /usr/libexec/gam_server. You could use objdump to sift thru the info...

Looks like abrt can generate a core dump under Red Hat, correct?

What app are you trying to troubleshoot and create a core dump for, VNC?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Decoding Value assigned to variable while debugging srinietrx Programming 6 03-15-2016 02:56 PM
abrt (): core dump issues mihirict Linux - Enterprise 1 11-17-2014 05:26 PM
error ICRC ABRT at boot, impossible to log in Tib-Tib Linux - Newbie 3 02-24-2011 12:27 AM
Need help on deciphering my IPTABLES jun_tuko Linux - Security 2 11-24-2005 12:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration