Re: stream.c - new FreeBSD exploit?

[avalon () COOMBS ANU EDU AU (Darren Reed)]

In some mail from The Tree of Life, sie said:
> I've been informed today by an irc admin that a new exploit is circulating
> around.  It "sends tcp-established bitstream shit" and makes the "kernel
> fuck up".
>
> It's called stream.c.
>
> The efnet ircadmin told me servers on Exodus (Exodus Communications) were being
> hit and they managed to get a hold of the guy.  When asked what was going
> on, he just said "stream.c".
>
> When I talked to another person to ask if he had 'acquired' the source, he
> said he wasn't going to give it out.  I asked him if he had a patch for it,
> and he replied "the fbsd team is working on it.  No patch is available right
> now."
>
> What's the importance of this?  Major companies such as Yahoo
> (www.yahoo.com) and others run freebsd.
>
> According to the irc admin, a simple reboot fixes it.  "Your box reboots or
> dies."  He also stated, when asked if anything noticeable happened, that
> "nothing unusual [happened]".
>
> The only log that he could provide was this one:
>
> ---snip---
>
> syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty
>
> ---snip---
>
> One thing of note:  he also stated this happened on non-freebsd systems,
> which is contrary to what the other person said, who was "under the
> impression it was freebsd specific."
>
> I have the source, which I'm not going to post for 2-3 days (give time for
> fbsd to work on the fix).  If it isn't out before the 21st, I'll post it up.
>
> ---snip---

The above kernel message is from Linux 2.2, *NOT* FreeBSD.

The behaviour and impact would appear to vary from OS to OS and maybe
platform too.  It does not appear to cause Solaris7/NetBSD to panic
(in a hurry anyway).

Darren