Summary: Login failure: /usr/lib/libc.so.1 too many open files

From: John Rams <johnrams_at_cox.net>
Date: Sat Apr 26 2003 - 04:00:03 EDT
Thanks to Casper Dick, Rick Andersonand Alan Bradley.  Following are their
answers. It was badly delayed to summarize. And my bad is a colleague in that
remote site reinstalled OS from jumpstart without preserving the original
config for evaluation and debugging!


Casper's mail:

The error you see is typical for systems that have been hacked with a specific
rootkit.

You should reinstall or ssave the disk for forensic purposes. It likely
contains a few trojans.

Ric's mail:

Last box I saw with this symptom had been rooted.  You'll probably
find a secure shell (version 1) running on a high numbered port,
along with a password capture program.  run nmap against the
box and then telnet to anything that nmap finds listening to
see if the port in question responds with
SSH-other stuff-
If it does, format and reinstall, get the current patches in
-AND- add the following lines to /etc/system so the next
buffer overrun attack falls on the floor instead of getting in.
*
* Security fix - prevent execution on stack...
set noexec_user_stack=1
set noexec_user_stack_log=1
Be sure you reboot after changing /etc/system...



Alan's Mail:

There is a posting in the archives of a similar problem someone had:

http://www.sunmanagers.org/pipermail/sunmanagers/2002-August/015720.html

There doesn't seem to be a resolution, but perhaps you could contact them
and see if they did manage to resolve it.

Regards
John Rams

> -----Original Message-----
> From: sunmanagers-admin@sunmanagers.org
> [mailto:sunmanagers-admin@sunmanagers.org] On Behalf Of
> johnrams@cox.net
> Sent: Monday, April 07, 2003 3:32 PM
> To: sunmanagers@sunmanagers.org
> Subject: Login failure: /usr/lib/libc.so.1 too many open files
>
>
> Managers:
>
> On an Ultra 60, i am getting following error. How would i
> logon to the system. FTP works with no problem. Tried to copy
> the shared object by ftp, no luck.
>
> What can i do to resolve without having to reinstall? May be
> booting from cdrom and copying contents of /usr file system.
>
>
> $ telnet <IP-address>
> Trying   <IP-address>
> Connected to <IP-address>.
> Escape character is '^]'.
>
> SunOS 5.8
>
> ld.so.1: login: fatal: /usr/lib/libc.so.1: Too many open files
> Connection closed by foreign host.
>
> thanks
> John
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Apr 28 10:26:32 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:09 EST