Re: stream.c - new FreeBSD exploit?

[billf () CHC-CHIMES COM (Bill Fumerola)]

On Tue, Jan 18, 2000 at 02:44:38PM -0800, The Tree of Life wrote:

> When I talked to another person to ask if he had 'acquired' the source, he
> said he wasn't going to give it out.  I asked him if he had a patch for it,
> and he replied "the fbsd team is working on it.  No patch is available right
> now."
>
> What's the importance of this?  Major companies such as Yahoo
> (www.yahoo.com) and others run freebsd.

Major companies have firewalls too, but from what it sounds like, this
attack may crash/freeze/reboot/whatever them as well.

> According to the irc admin, a simple reboot fixes it.  "Your box reboots or
> dies."  He also stated, when asked if anything noticeable happened, that
> "nothing unusual [happened]".
>
> The only log that he could provide was this one:
>
> ---snip---
> syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty
> ---snip---

[hawk-billf] /sys > find . |xargs grep -ie 'free list empty'
[hawk-billf] /sys > uname -mrs
FreeBSD 4.0-CURRENT i386

> One thing of note:  he also stated this happened on non-freebsd systems,
> which is contrary to what the other person said, who was "under the
> impression it was freebsd specific."

The above is a Linux panic, so it obviously works on non-FreeBSD machines.

It's a pity to attach FreeBSD to this exploit, as it obviously isn't specific
to just the FreeBSD stack. I wish the FUD would just go away sometimes.

--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf () chc-chimes com / billf () FreeBSD org
Office: 800-252-2421 x128 / Cell: 248-761-7272

ps. I'm not speaking for CHC or for FreeBSD...