Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Fwd: stream.c - new FreeBSD exploit?

  • From: Allan Carscaddon
  • Date: Fri Jan 21 00:01:44 2000

Fresh from BUGTRAQ:

Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Date: Tue, 18 Jan 2000 14:44:38 -0800
Reply-To: The Tree of Life <ttol@JAMES.KALIFORNIA.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: The Tree of Life <ttol@JAMES.KALIFORNIA.COM>
Subject: stream.c - new FreeBSD exploit?
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
X-Loop-Detect: 1

I've been informed today by an irc admin that a new exploit is circulating
around. It "sends tcp-established bitstream shit" and makes the "kernel
fuck up".

It's called stream.c.

The efnet ircadmin told me servers on Exodus (Exodus Communications) were being
hit and they managed to get a hold of the guy. When asked what was going
on, he just said "stream.c".

When I talked to another person to ask if he had 'acquired' the source, he
said he wasn't going to give it out. I asked him if he had a patch for it,
and he replied "the fbsd team is working on it. No patch is available right
now."

What's the importance of this? Major companies such as Yahoo
(www.yahoo.com) and others run freebsd.

According to the irc admin, a simple reboot fixes it. "Your box reboots or
dies." He also stated, when asked if anything noticeable happened, that
"nothing unusual [happened]".

The only log that he could provide was this one:

---snip---

syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty

---snip---

One thing of note: he also stated this happened on non-freebsd systems,
which is contrary to what the other person said, who was "under the
impression it was freebsd specific."

I have the source, which I'm not going to post for 2-3 days (give time for
fbsd to work on the fix). If it isn't out before the 21st, I'll post it up.

---snip---

void usage(char *progname)
{
fprintf(stderr, "Usage: %s <dstaddr> <dstport> <pktsize> <pps>\n",
progname);
fprintf(stderr, " dstaddr - the target we are trying to attack.\n");
fprintf(stderr, " dstport - the port of the target, 0 = random.\n");
fprintf(stderr, " pktsize - the extra size to use. 0 = normal
syn.\n");
exit(1);
}

---snip---

Thanks for listening to my ramblings, hope everything I said helps.

- ttol
http://www.alladvantage.com/home.asp?refid=AME389
Get Paid to Surf. It works actually, cause people get thousands of dollars
a month from it...it's neet :P My id is AME389 - use it! :)





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.