The maintainers of the FreeBSD operating system have released updates to address a security vulnerability in the ping utility that could potentially be exploited to crash the program or trigger remote code execution.

The problem, assigned the identifier CVE-2022-23093, affects all supported versions of FreeBSD and is a stack-based buffer overflow in the ping utility.

“ping reads raw IP packets from the network to process responses in the pr_pack() function,” according to a notice published last week.

Let’s first understand what ping is

Talking about this without knowing what it is helps little, so let’s start with Wikipedia’s definition:

Ping (Packet Internet Groper) is a computer network administration utility used to measure the time, in milliseconds, it takes for one or more ICMP packets to reach a network device (through any IP-based computer network) and return to the origin.

Now, if you play online video games, first-person shooters in particular, you are probably already familiar with this concept, even if you may not be able to explain it in your own words.

In short, to put it bluntly and with an enormous simplification, “the lower the ping, the better the connection”.

Imagine throwing a ball at a wall and having it come back to you: the faster the ball returns, the less time it takes. That is ping explained with a metaphor.

How does this vulnerability work?

“The pr_pack() copies the received IP and ICMP headers into the stack buffers for further processing. In doing so, it disregards the possible presence of IP option headers following the IP header in the response or quoted packet.”

As a result, the destination buffer may be overflowed by up to 40 bytes when IP option headers are present.
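As an added illustration (not FreeBSD’s ping code; pr_pack() is not reproduced here), the C parser below reads the IHL field, checks it against the packet length, and sizes its destination buffer for the full 60-byte header so that IP options cannot overrun it; the struct, constants and sample packet are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define IPV4_MIN_HLEN 20   /* constructed sizes for this example, not FreeBSD's structs */
#define IPV4_MAX_HLEN 60   /* IHL is 4 bits, so at most 15 * 4 bytes (20 + 40 of options) */
#define ICMP_HLEN     8    /* type, code, checksum, id, seq */
struct parsed_reply {
    uint8_t ip_hdr[IPV4_MAX_HLEN];  /* sized for options, not just 20 bytes */
    size_t  ip_hlen;                /* real header length taken from IHL */
    size_t  ip_optlen;              /* 0..40 bytes of IP options */
    uint8_t icmp_hdr[ICMP_HLEN];
};

/* Returns 0 on success, -1 if malformed or truncated. The IHL and remaining-
 * length checks keep a reply with IP options from overrunning a 20-byte buffer. */
int parse_icmp_reply(const uint8_t *buf, size_t len, struct parsed_reply *out)
{
    if (buf == NULL || out == NULL || len < IPV4_MIN_HLEN || (buf[0] >> 4) != 4)
        return -1;                                /* too short or not IPv4 */
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;    /* IHL in 32-bit words */
    if (hlen < IPV4_MIN_HLEN || hlen > IPV4_MAX_HLEN)
        return -1;                                /* IHL < 5 is invalid */
    if (len < hlen + ICMP_HLEN)
        return -1;                                /* no room for the ICMP header */
    memset(out, 0, sizeof(*out));
    memcpy(out->ip_hdr, buf, hlen);               /* bounded: hlen <= 60 */
    out->ip_hlen = hlen;
    out->ip_optlen = hlen - IPV4_MIN_HLEN;
    memcpy(out->icmp_hdr, buf + hlen, ICMP_HLEN); /* ICMP starts after the options */
    return 0;
}

/* Constructed echo reply (checksums not computed): IHL = 7, i.e. 8 bytes of
 * options (Record Route padded with End-of-Option-List), then an ICMP header. */
static const uint8_t sample_reply[] = {
    0x47, 0x00, 0x00, 0x24, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,  /* 10.0.0.1 -> 10.0.0.2 */
    0x07, 0x07, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,  /* IP options          */
    0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x00, 0x01,  /* ICMP echo reply     */
};

/* Parses the sample with its version/IHL byte replaced by `vihl`; returns the
 * option length on success or -1 when the parser rejects the packet. */
int sample_option_length(uint8_t vihl)
{
    uint8_t pkt[sizeof sample_reply];
    struct parsed_reply r;
    memcpy(pkt, sample_reply, sizeof pkt);
    pkt[0] = vihl;
    return parse_icmp_reply(pkt, sizeof pkt, &r) == 0 ? (int)r.ip_optlen : -1;
}
```

With the sample as shipped (IHL = 7) the parser reports 8 option bytes; rewriting the IHL to 15 on the same 36-byte packet is rejected instead of being copied past the end of the buffer.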

The FreeBSD project authors noted that the ping process runs in a “capability” mode sandbox and is therefore limited in how it can interact with the rest of the operating system.

OPNsense, an open-source FreeBSD-based routing and firewall platform, has also released a patch (version 22.7.9) that plugs the security hole along with other fixes.

The findings come as Qualys researchers documented a new vulnerability in the snap-confine program on Linux, building on a previous privilege escalation flaw (CVE-2021-44731) that came to light in February 2022.

Snaps are self-contained application packages that upstream developers can distribute to users (if you are familiar with Linux systems, you know that through Snap you can install software you would not usually install with “sudo apt install”; FreeBSD, being a Unix system, has something analogous).

The new defect (CVE-2022-3328), introduced as part of a patch for CVE-2021-44731, can be chained with two other defects in multipathd collectively called Leeloo Multipath, an authorization bypass and a symlink attack tracked as CVE-2022-41974 and CVE-2022-41973, to gain root privileges.

Since multipathd runs as root by default, exploiting these programming flaws could allow an unprivileged attacker to gain the highest privileges on the vulnerable host and execute arbitrary code.

Concluding

Chances are you do not even know what FreeBSD is, so this issue concerns a niche far smaller than, for example, the user base of any Linux distribution.

The only option is to wait for the updates from the maintainers that fix the problem: that’s all.