The amd64_set_ldt() function in sys/amd64/amd64/sys_machdep.c in the FreeBSD kernel code is prone to an integer signedness error when processing a system call with specially crafted parameters originated from user space. This issue ultimately leads to a kernel heap overflow, which can be used by unprivileged local attackers to cause a kernel panic and crash the machine.
This module sends HTTP requests with specially crafted data making the ASP.NET subsystem consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. The PATH parameter must point to a ASP.NET web page, wich they normally have a ".aspx" extension.