The maintainers of the FreeBSD working system have launched updates to remediate a safety vulnerability impacting the ping module that may very well be probably exploited to crash this system or set off distant code execution.
The problem, assigned the identifier CVE-2022-23093, impacts all supported variations of FreeBSD and issues a stack-based buffer overflow vulnerability within the ping service.
“ping reads uncooked IP packets from the community to course of responses within the pr_pack() operate,” in accordance with an advisory revealed final week.
“The pr_pack() copies obtained IP and ICMP headers into stack buffers for additional processing. In so doing, it fails to take into consideration the attainable presence of IP possibility headers following the IP header in both the response or the quoted packet.”
As a consequence, the vacation spot buffer may very well be overflowed by as much as 40 bytes when the IP possibility headers are current.
The FreeBSD Venture famous that the ping course of runs in a functionality mode sandbox and is due to this fact constrained in the way it can work together with the remainder of the working system.
OPNsense, an open supply, FreeBSD-based firewall and routing software program, has additionally launched a patch (model 22.7.9) to plug the safety gap, together with different points.
The findings come as researchers from Qualys detailed one other new vulnerability within the snap-confine program within the Linux working system, constructing upon a earlier privilege escalation flaw (CVE-2021-44731) that got here to mild in February 2022.
Snaps are self-contained software packages that may be distributed by upstream builders to customers.
The brand new shortcoming (CVE-2022-3328), launched as a part of a patch for CVE-2021-44731, may be chained with two different flaws in multipathd referred to as Leeloo Multipath – an authorization bypass and a symlink assault tracked as CVE-2022-41974 and CVE-2022-41973 – to realize root privileges.
For the reason that multipathd daemon runs by default as root, a profitable exploitation of the failings might allow an unprivileged risk actor to acquire the very best permissions on the weak host and execute arbitrary code.
