
macromedia flash flashcom : urgent - info about flashcom and security holes


ottocid
12/22/2004 10:24:32 AM
Dear Macromedia,

my name is Giovanni Gasparri and I work for an Italian company called 2ware Srl as unix-like system manager. We are working on a project for E.N.E.A. (Italian National Agency for New Technologies, Energy and the Environment) (http://www.enea.it/com/ingl/default.htm) based on Flash Communication Server. I've installed FCS successfully on a 4-processor server running Scientific Linux instead of Red Hat. Every E.N.E.A. server uses AFS (http://www.openafs.org/) as distributed file system. I've successfully put the FCS web folder into the /afs shared folder. Everything had been working until a few days ago, when we discovered that:

- a large amount of sendmail traffic is generated;
- a large number of processes are instanced; some of them are ('sleeping') not visible using the ps command but visible under /proc/;
- log files have been deleted;
- the server crashed and I had to reinstall every package.

E.N.E.A.'s technicians suspect a root-kit or something similar. Since those servers hold very confidential scientific data, they are seriously thinking of isolating any FCS server from their network, to avoid further damage. Any Flash Communication Server will be removed soon if I receive no formal answer from you to the following questions:

- does Flash Communication Server use the sendmail service?
- can the FCS algorithm instance so many processes? Is this normal behavior?
- do you know of any FCS vulnerabilities allowing arbitrary code execution?
- can some of those processes be malicious?
- can those troubles be solved by running FCS on Red Hat instead of Scientific Linux?
- can those problems be connected in some way to FCS?

Unfortunately I cannot answer my customers directly since FCS is not provided under GPL. I'm waiting for an urgent answer from your experts to avoid E.N.E.A. deciding to dismiss FCS ultimately. Thanks for your kind answer.

- - -
Giovanni Gasparri
Technical Support - 2ware Srl
http://gasparri.2ware.it

ion gion
12/30/2004 10:34:40 PM
Hi Giovanni,

Macromedia doesn't answer forums, they are too lazy, flash comm server is a
high secret for them, a very good product but filled with no care by them
regarding developers.

I suggest you unload all the applications that are running on your flash comm
server.

Then do not allow anyone to connect to it.

Restart flash comm after unloading all.
Keep it isolated and watch for it if it generates any more traffic.

If so then remove it and download it from the Macromedia website and then install
it and add your commercial licenses, add also updater2. (In this way you set
aside the thought of a rootkit - I don't think MM will shoot themselves in the
foot.)

Then do an analysis of the applications that run under it, bad developers and
badly designed and programmed applications can cause the server to crash and one
of those can create "many processes" as you mention.

On Linux I hear a lot of flame that FCS is bad, very bad for the Linux
platform, I used it and did not experience a single problem (as a developer
for intensive applications, on a nonstandard distro - Slackware and Ubuntu).

Try to put RedHat, your Scientific Linux might also be the problem.
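
The opening post reports processes that are missing from ps but present under /proc/. The following check for that symptom is an added example, not part of either post; the function names are hypothetical, and it assumes a Linux host whose ps accepts `-e -o pid=` (procps).

```python
import os
import subprocess

def proc_pids(proc_root="/proc"):
    """PIDs that have a numeric directory under proc_root."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def ps_pids():
    """PIDs reported by the installed ps binary, which may itself be tampered with."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def hidden_from_ps(before, ps_seen, after):
    """PIDs listed in /proc both before and after ps ran, yet absent from ps.

    Requiring both snapshots filters out processes that merely started or
    exited while ps was running, which would otherwise be false positives.
    """
    return sorted((before & after) - ps_seen)

def describe(pid, proc_root="/proc"):
    """Collect what /proc exposes about a PID so it can be reviewed by hand."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        cmd = ""
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = "?"  # kernel thread, exited process, or insufficient privilege
    return {"pid": pid, "exe": exe, "cmdline": cmd or "[no cmdline]"}

def scan():
    """Snapshot /proc, run ps, snapshot /proc again, report the difference."""
    before = proc_pids()
    seen = ps_pids()
    after = proc_pids()
    return [describe(pid) for pid in hidden_from_ps(before, seen, after)]

if __name__ == "__main__":
    for entry in scan():
        print(entry)
```

Run it as root so the exe links of other users' processes are readable. An empty result does not clear the host, because a kernel-level rootkit can hide entries from /proc as well as from ps.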