The FreeBSD operating system maintainers have released updates to repair security vulnerabilities affecting the ping module that could be exploited to trigger program crashes and remote code execution.
“ping reads raw IP packets from the network and processes the responses with the pr_pack() function,” according to an advisory published last week.
“pr_pack() copies the IP and ICMP headers into a stack buffer for further processing. In doing so, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet.”
As a result, the destination buffer can overflow by up to 40 bytes when IP option headers are present.
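The header handling described above, as an added C sketch that is not FreeBSD's code: it takes the header length from the IHL field, bounds-checks it against the packet length, and copies only fixed-size headers, for both the response and the quoted packet. The names `reply_view`, `ipv4_hlen`, `parse_reply` and `parse_quoted` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_MIN_HLEN 20u  /* fixed IPv4 header; IHL max is 15*4 = 60, so 40 option bytes */
#define ICMP_HLEN    8u

/* Hypothetical result type: fixed-size header copies, options never copied. */
struct reply_view {
    uint8_t ip[IP_MIN_HLEN];
    uint8_t icmp[ICMP_HLEN];
    size_t  options_len;     /* option bytes skipped, 0..40 */
};

/* Header length encoded in IHL, or 0 if the header is malformed or does
 * not fit in the len bytes that were actually received. */
static size_t ipv4_hlen(const uint8_t *p, size_t len)
{
    if (len < IP_MIN_HLEN || (p[0] >> 4) != 4)
        return 0;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    if (hlen < IP_MIN_HLEN || hlen > len)
        return 0;
    return hlen;
}

/* Copy only the fixed 20-byte IP header, and locate the ICMP header at
 * the IHL offset instead of assuming it starts at byte 20. */
int parse_reply(const uint8_t *pkt, size_t len, struct reply_view *out)
{
    size_t hlen = ipv4_hlen(pkt, len);
    if (hlen == 0 || len - hlen < ICMP_HLEN)
        return -1;
    memcpy(out->ip, pkt, IP_MIN_HLEN);
    memcpy(out->icmp, pkt + hlen, ICMP_HLEN);
    out->options_len = hlen - IP_MIN_HLEN;
    return 0;
}

/* ICMP error messages quote the original packet after the outer ICMP
 * header; the quoted IP header can carry options too, so recheck it. */
int parse_quoted(const uint8_t *pkt, size_t len, struct reply_view *out)
{
    size_t hlen = ipv4_hlen(pkt, len);
    if (hlen == 0 || len - hlen < ICMP_HLEN)
        return -1;
    size_t off = hlen + ICMP_HLEN;
    return parse_reply(pkt + off, len - off, out);
}
```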
The FreeBSD project states that the ping process runs in a capability mode sandbox and is therefore limited in how it can interact with the rest of the operating system.
OPNsense, an open source FreeBSD-based firewall and routing software, also released a patch (version 22.7.9) to close a security hole and solve other issues.
The findings come as Qualys researchers detail another new vulnerability. It builds on an earlier privilege escalation flaw (CVE-2021-44731), disclosed in February 2022, in the Linux operating system’s snap-confine program.
Snaps are self-contained application packages that upstream developers can distribute to their users.
The new flaw (CVE-2022-3328), introduced as part of the patch for CVE-2021-44731, can be chained with two other flaws in multipathd called Leeloo Multipath (an authentication bypass and a symlink attack, tracked as CVE-2022-41974 and CVE-2022-41973) to gain root privileges.
Because the multipathd daemon runs as root by default, successful exploitation of this flaw could allow an unprivileged attacker to execute arbitrary code with elevated privileges on a vulnerable host.