undefined

I have tarred up the two files that were found on a compromised machine on my subnet. They can be downloaded below. It purports to be a remote kernel exploit for *BSD systems. This is very dubious, but in the interests of security, it may still be worthy of a forensics analysis. Unfortunately, I do not have the password that allows the encrypted exploit to run, so you're on your own here.

Regardless of whether or not this is a fake exploit, everyone is urged to take proper security precautions before running untrusted executables on your systems. It may be best to play around with this on a spare system at hand.

From the EXAMPLE file:

./7350reass 10.0.0.2
7350reass - OpenBSD/FreeBSD/NetBSD remote kernel exploit
fragment reassembly numeric overflow + logic fuckup     
-s & -l (21/04)                                                
                                                        
inferior exploits for this bug rely on 3 values.. we    
only need the ip_reass delta, but still, patience       
is required to find this.. this shouldn't be a          
problem.. you don't need root to run this, as 
everything can be crafted via setsockopt..
                                                        
mhhh, should get you in.. < 5 minutes..                 
no guarantees though.. 

OpenBSD developers are weenies ;)                                      

TESO: 2^32-1  SecurityFocus: 2>>2


password: 
[*] finding ip_reass delta.. FOUND: 154
[*] checking for timeout during reassembly error.. PASSED
[*] final stage of exploitation. you should receive a
shell prompt in a matter of minutes if all is fine..
FreeBSD saturn 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Sep  6 10:18:37 EST 2002     ubel@saturn:/usr/src/sys/compile/SATURN  i386
uid=0(root) gid=0(wheel)