Fwd: stream.c - new FreeBSD exploit?

[Allan Carscaddon <allan () carscaddon com>]

Fresh from BUGTRAQ:

> Approved-By: aleph1 () SECURITYFOCUS COM
> Delivered-To: bugtraq () lists securityfocus com
> Delivered-To: bugtraq () securityfocus com
> Date:         Tue, 18 Jan 2000 14:44:38 -0800
> Reply-To: The Tree of Life <ttol () JAMES KALIFORNIA COM>
> Sender: Bugtraq List <BUGTRAQ () SECURITYFOCUS COM>
> From: The Tree of Life <ttol () JAMES KALIFORNIA COM>
> Subject:      stream.c - new FreeBSD exploit?
> X-To:         bugtraq () securityfocus com
> To: BUGTRAQ () SECURITYFOCUS COM
> X-Loop-Detect: 1
>
> I've been informed today by an irc admin that a new exploit is circulating
> around.  It "sends tcp-established bitstream shit" and makes the "kernel
> fuck up".
>
> It's called stream.c.
>
> The efnet ircadmin told me servers on Exodus (Exodus Communications) were 
> being
> hit and they managed to get a hold of the guy.  When asked what was going
> on, he just said "stream.c".
>
> When I talked to another person to ask if he had 'acquired' the source, he
> said he wasn't going to give it out.  I asked him if he had a patch for it,
> and he replied "the fbsd team is working on it.  No patch is available right
> now."
>
> What's the importance of this?  Major companies such as Yahoo
> (www.yahoo.com) and others run freebsd.
>
> According to the irc admin, a simple reboot fixes it.  "Your box reboots or
> dies."  He also stated, when asked if anything noticeable happened, that
> "nothing unusual [happened]".
>
> The only log that he could provide was this one:
>
> ---snip---
>
> syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty
>
> ---snip---
>
> One thing of note:  he also stated this happened on non-freebsd systems,
> which is contrary to what the other person said, who was "under the
> impression it was freebsd specific."
>
> I have the source, which I'm not going to post for 2-3 days (give time for
> fbsd to work on the fix).  If it isn't out before the 21st, I'll post it up.
>
> ---snip---
>
> void usage(char *progname)
> {
>    fprintf(stderr, "Usage: %s <dstaddr> <dstport> <pktsize> <pps>\n",
> progname);
>    fprintf(stderr, "    dstaddr  - the target we are trying to attack.\n");
>    fprintf(stderr, "    dstport  - the port of the target, 0 = random.\n");
>    fprintf(stderr, "    pktsize  - the extra size to use.  0 = normal
> syn.\n");
>    exit(1);
> }
>
> ---snip---
>
> Thanks for listening to my ramblings, hope everything I said helps.
>
> - ttol
> http://www.alladvantage.com/home.asp?refid=AME389
> Get Paid to Surf.  It works actually, cause people get thousands of dollars
> a month from it...it's neet :P  My id is AME389 - use it! :)