[13471] in bugtraq


Re: stream.c - new FreeBSD exploit?

daemon@ATHENA.MIT.EDU (Bill Fumerola)
Fri Jan 21 14:58:22 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000120161620.E42787@jade.chc-chimes.com>
Date:         Thu, 20 Jan 2000 16:16:20 -0500
Reply-To: Bill Fumerola <billf@CHC-CHIMES.COM>
From: Bill Fumerola <billf@CHC-CHIMES.COM>
X-To:         The Tree of Life <ttol@JAMES.KALIFORNIA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0001181358360.11107-100000@james.kalifornia.com>;
              from ttol@JAMES.KALIFORNIA.COM on Tue, Jan 18,
              2000 at 02:44:38PM -0800

On Tue, Jan 18, 2000 at 02:44:38PM -0800, The Tree of Life wrote:

> When I talked to another person to ask if he had 'acquired' the source, he
> said he wasn't going to give it out.  I asked him if he had a patch for it,
> and he replied "the fbsd team is working on it.  No patch is available right
> now."
>
> What's the importance of this?  Major companies such as Yahoo
> (www.yahoo.com) and others run freebsd.

Major companies have firewalls too, but from what it sounds like, this
attack may crash/freeze/reboot/whatever them as well.

> According to the irc admin, a simple reboot fixes it.  "Your box reboots or
> dies."  He also stated, when asked if anything noticeable happened, that
> "nothing unusual [happened]".
>
> The only log that he could provide was this one:
>
> ---snip---
> syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty
> ---snip---

[hawk-billf] /sys > find . |xargs grep -ie 'free list empty'
[hawk-billf] /sys > uname -mrs
FreeBSD 4.0-CURRENT i386

> One thing of note:  he also stated this happened on non-freebsd systems,
> which is contrary to what the other person said, who was "under the
> impression it was freebsd specific."

The above is a Linux panic, so it obviously works on non-FreeBSD machines.

It's a pity to attach FreeBSD to this exploit, as it obviously isn't specific
to just the FreeBSD stack. I wish the FUD would just go away sometimes.

--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf@chc-chimes.com / billf@FreeBSD.org
Office: 800-252-2421 x128 / Cell: 248-761-7272



ps. I'm not speaking for CHC or for FreeBSD...
