Critical Ping Vulnerability Let Hackers Take Over FreeBSD Systems Remotely
A excessive vulnerability in the FreeBSD running procedure’s ping module permits Attackers to please in an arbitrary code and rob over the procedure remotely. Developers of the running procedure these days released security updates. CVE-2022-23093 has been assigned to the flaw.
It is a stack-essentially essentially based entirely buffer overflow vulnerability in FreeBSD’s ping provider that is affecting all supported variations of the FreeBSD running procedure.
Ping is a program that will almost definitely be gentle to test the reachability of a miles-off host using ICMP messages. To send and receive ICMP messages, ping makes employ of raw sockets and thanks to the this fact requires elevated privileges.
"The memory safety bugs triggered by a remote host, causing the ping program to crash. It may be possible for a malicious host to trigger remote code execution in ping." reported at FreeBSD advisory.
- CVE Name: CVE-2022-23093
- Module: ping
- Launched: 2022-11-29
- Credits: Tom Jones
- Impacts All supported variations of FreeBSD.
Ping Vulnerability Affect
Within the pr_pack() feature, the raw IP packets from the network had been learn by ping and then processed to please in responses. To facilitate the additional processing of IP and ICMP headers, pr_pack() copies the bought knowledge into stack buffers.
As a consequence, IP option headers could well well additionally just seem at both the tip of the IP header in the response or in the quoted packet, which will not be taken into consideration.
If the IP option headers are demonstrate when the destination buffer is overflowed, the destination buffer has the attainable to be overflowed by as valuable as 40 bytes.
It is that that that it’s good to well maybe deem of for a miles-off host to trigger the ping program to atomize by triggering the memory safety worm, which causes this technique to atomize. Malicious hosts could well well potentially be ready to make employ of ping to trigger a miles-off code execution via the utilization of a ways-off calls.
While this discovering comes after a fresh Ping vulnerability has been stumbled on in the snap-confine application equipped with Linux OS by the security researchers at Qualys.
"The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrainted in how it can interact with the rest of the system at the point where the bug can occur."
Solution
In articulate to guard vulnerable programs, researchers delight in urged customers to straight upgrade them to a supported originate (releng) of FreeBSD which is dated after the error is corrected.
Since there’s now not any workaround available for the time being to fix this pickle, according to the maintainers of the FreeBSD running procedure.
replace?
There are two the procedure to regulate your FreeBSD running procedure and here below now we delight in mentioned both of them:-
Exchange via a binary patch
- By using the freebsd-replace(8) utility, customers of the RELEASE version of FreeBSD running on the amd64, i386, or arm64 platforms can delight in sure that their programs are up to this level. Right here below are the commands to compose the process:-
- freebsd-replace get
- freebsd-replace install
Exchange via a provide code patch
- Initially download the connected patch from the following locations:
- get https://security.FreeBSD.org/patches/SA-22:15/ping.patch
- get https://security.FreeBSD.org/patches/SA-22:15/ping.patch.asc
- Now using your PGP utility, it is miles predominant to ascertain the signature of the level-headed PGP file.
- gpg –test ping.patch.asc
- Be obvious that that the patch is applied. After which as root it is miles predominant to please in the following commands:-
- cd /usr/src
- patch < /path/to/patch
- The utilization of the buildworld and installworld, now that that it’s good to well maybe recompile the running procedure.
Source credit : cybersecuritynews.com