Bugtraq mailing list archives
Re: stream.c - new FreeBSD exploit?
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Sat, 22 Jan 2000 01:46:41 +1100
In some mail from The Tree of Life, sie said:
I've been informed today by an irc admin that a new exploit is circulating around. It "sends tcp-established bitstream shit" and makes the "kernel fuck up". It's called stream.c. The efnet ircadmin told me servers on Exodus (Exodus Communications) were being hit and they managed to get a hold of the guy. When asked what was going on, he just said "stream.c". When I talked to another person to ask if he had 'acquired' the source, he said he wasn't going to give it out. I asked him if he had a patch for it, and he replied "the fbsd team is working on it. No patch is available right now." What's the importance of this? Major companies such as Yahoo (www.yahoo.com) and others run freebsd. According to the irc admin, a simple reboot fixes it. "Your box reboots or dies." He also stated, when asked if anything noticeable happened, that "nothing unusual [happened]". The only log that he could provide was this one: ---snip--- syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty ---snip--- One thing of note: he also stated this happened on non-freebsd systems, which is contrary to what the other person said, who was "under the impression it was freebsd specific." I have the source, which I'm not going to post for 2-3 days (give time for fbsd to work on the fix). If it isn't out before the 21st, I'll post it up. ---snip---
The above kernel message is from Linux 2.2, *NOT* FreeBSD. The behaviour and impact would appear to vary from OS to OS and maybe platform too. It does not appear to cause Solaris7/NetBSD to panic (in a hurry anyway). Darren
Current thread:
- stream.c - new FreeBSD exploit? The Tree of Life (Jan 18)
- Re: stream.c - new FreeBSD exploit? Bill Fumerola (Jan 20)
- Re: stream.c - new FreeBSD exploit? Adam Lynch (Jan 21)
- Re: stream.c - new FreeBSD exploit? Darren Reed (Jan 21)
- Re: stream.c - new FreeBSD exploit? Frank (sysadmin) (Jan 22)
- <Possible follow-ups>
- Re: stream.c - new FreeBSD exploit? Haight, Kristofer (Jan 21)
- Re: stream.c - new FreeBSD exploit? Guy Cohen (Jan 23)
- Re: stream.c - new FreeBSD exploit? Bill Fumerola (Jan 20)