North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Fwd: stream.c - new FreeBSD exploit?

  • From: Allan Carscaddon
  • Date: Fri Jan 21 00:01:44 2000

Fresh from BUGTRAQ:

Approved-By: [email protected]
Delivered-To: [email protected]
Delivered-To: [email protected]
Date: Tue, 18 Jan 2000 14:44:38 -0800
Reply-To: The Tree of Life <[email protected]>
Sender: Bugtraq List <[email protected]>
From: The Tree of Life <[email protected]>
Subject: stream.c - new FreeBSD exploit?
X-To: [email protected]
To: [email protected]
X-Loop-Detect: 1

I've been informed today by an irc admin that a new exploit is circulating
around. It "sends tcp-established bitstream shit" and makes the "kernel
fuck up".

It's called stream.c.

The efnet ircadmin told me servers on Exodus (Exodus Communications) were being
hit and they managed to get a hold of the guy. When asked what was going
on, he just said "stream.c".

When I talked to another person to ask if he had 'acquired' the source, he
said he wasn't going to give it out. I asked him if he had a patch for it,
and he replied "the fbsd team is working on it. No patch is available right

What's the importance of this? Major companies such as Yahoo
( and others run freebsd.

According to the irc admin, a simple reboot fixes it. "Your box reboots or
dies." He also stated, when asked if anything noticeable happened, that
"nothing unusual [happened]".

The only log that he could provide was this one:


syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty


One thing of note: he also stated this happened on non-freebsd systems,
which is contrary to what the other person said, who was "under the
impression it was freebsd specific."

I have the source, which I'm not going to post for 2-3 days (give time for
fbsd to work on the fix). If it isn't out before the 21st, I'll post it up.


void usage(char *progname)
fprintf(stderr, "Usage: %s <dstaddr> <dstport> <pktsize> <pps>\n",
fprintf(stderr, " dstaddr - the target we are trying to attack.\n");
fprintf(stderr, " dstport - the port of the target, 0 = random.\n");
fprintf(stderr, " pktsize - the extra size to use. 0 = normal


Thanks for listening to my ramblings, hope everything I said helps.

- ttol
Get Paid to Surf. It works actually, cause people get thousands of dollars
a month from's neet :P My id is AME389 - use it! :)