Summary: Login failure: /usr/lib/libc.so.1 too many open files

From: John Rams (johnrams@cox.net)
Date: Sat Apr 26 2003 - 04:00:03 EDT

• Next message: Stephen Barnett (DSL AK): "RE: SUMMARY: Ultra-10 Model"
• Previous message: Samier.Kesou@bfa.de: "trussing a slow process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks to Casper Dick, Rick Andersonand Alan Bradley. Following are their answers. It was badly delayed to summarize. And my bad is a colleague in that remote site reinstalled OS from jumpstart without preserving the original config for evaluation and debugging!

Casper's mail:

The error you see is typical for systems that have been hacked with a specific rootkit.

You should reinstall or ssave the disk for forensic purposes. It likely contains a few trojans.

Ric's mail:

Last box I saw with this symptom had been rooted. You'll probably
find a secure shell (version 1) running on a high numbered port,
along with a password capture program. run nmap against the
box and then telnet to anything that nmap finds listening to
see if the port in question responds with
SSH-other stuff-
If it does, format and reinstall, get the current patches in
-AND- add the following lines to /etc/system so the next
buffer overrun attack falls on the floor instead of getting in.
*
* Security fix - prevent execution on stack...
set noexec_user_stack=1
set noexec_user_stack_log=1
Be sure you reboot after changing /etc/system...

Alan's Mail:

There is a posting in the archives of a similar problem someone had:

http://www.sunmanagers.org/pipermail/sunmanagers/2002-August/015720.html

There doesn't seem to be a resolution, but perhaps you could contact them
and see if they did manage to resolve it.

Regards
John Rams

> -----Original Message-----
> From: sunmanagers-admin@sunmanagers.org
> [mailto:sunmanagers-admin@sunmanagers.org] On Behalf Of
> johnrams@cox.net
> Sent: Monday, April 07, 2003 3:32 PM
> To: sunmanagers@sunmanagers.org
> Subject: Login failure: /usr/lib/libc.so.1 too many open files
>
>
> Managers:
>
> On an Ultra 60, i am getting following error. How would i
> logon to the system. FTP works with no problem. Tried to copy
> the shared object by ftp, no luck.
>
> What can i do to resolve without having to reinstall? May be
> booting from cdrom and copying contents of /usr file system.
>
>
> $ telnet <IP-address>
> Trying <IP-address>
> Connected to <IP-address>.
> Escape character is '^]'.
>
> SunOS 5.8
>
> ld.so.1: login: fatal: /usr/lib/libc.so.1: Too many open files
> Connection closed by foreign host.
>
> thanks
> John

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Stephen Barnett (DSL AK): "RE: SUMMARY: Ultra-10 Model"
• Previous message: Samier.Kesou@bfa.de: "trussing a slow process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:17 EDT