I have tarred up the two files that were found on a compromised machine on my subnet. They can be downloaded below. It purports to be a remote kernel exploit for *BSD systems. This is very dubious, but in the interests of security, it may still be worthy of a forensics analysis. Unfortunately, I do not have the password that allows the encrypted exploit to run, so you're on your own here.
Regardless of whether or not this is a fake exploit, everyone is urged to take proper security precautions before running untrusted executables on your systems. It may be best to play around with this on a spare system at hand.
From the EXAMPLE file:
./7350reass 10.0.0.2
7350reass - OpenBSD/FreeBSD/NetBSD remote kernel exploit
fragment reassembly numeric overflow + logic fuckup
-s & -l (21/04)
inferior exploits for this bug rely on 3 values.. we
only need the ip_reass delta, but still, patience
is required to find this.. this shouldn't be a
problem.. you don't need root to run this, as
everything can be crafted via setsockopt..
mhhh, should get you in.. < 5 minutes..
no guarantees though..
OpenBSD developers are weenies ;)
TESO: 2^32-1 SecurityFocus: 2>>2
password:
[*] finding ip_reass delta.. FOUND: 154
[*] checking for timeout during reassembly error.. PASSED
[*] final stage of exploitation. you should receive a
shell prompt in a matter of minutes if all is fine..
FreeBSD saturn 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Sep 6 10:18:37 EST 2002 ubel@saturn:/usr/src/sys/compile/SATURN i386
uid=0(root) gid=0(wheel)
7350reass.tar.gz