The maintainers of the FreeBSD working system have launched updates to remediate a safety vulnerability impacting the ping module that may very well be doubtlessly exploited to crash this system or set off distant code execution.
The concern, assigned the identifier CVE-2022-23093, impacts all supported variations of FreeBSD and issues a stack-based buffer overflow vulnerability within the ping service.
“ping reads uncooked IP packets from the community to course of responses within the pr_pack() operate,” based on an advisory revealed final week.
“The pr_pack() copies obtained IP and ICMP headers into stack buffers for additional processing. In so doing, it fails to bear in mind the attainable presence of IP choice headers following the IP header in both the response or the quoted packet.”
As a consequence, the vacation spot buffer may very well be overflowed by as much as 40 bytes when the IP choice headers are current.
The FreeBSD Project famous that the ping course of runs in a functionality mode sandbox and is due to this fact constrained in the way it can work together with the remainder of the working system.
OPNsense, an open supply, FreeBSD-based firewall and routing software program, has additionally launched a patch (model 22.7.9) to plug the safety gap, together with different points.
The findings come as researchers from Qualys detailed one other new vulnerability within the snap-confine program within the Linux working system, constructing upon a earlier privilege escalation flaw (CVE-2021-44731) that got here to mild in February 2022.
Snaps are self-contained utility packages that may be distributed by upstream builders to customers.
The new shortcoming (CVE-2022-3328), launched as a part of a patch for CVE-2021-44731, might be chained with two different flaws in multipathd known as Leeloo Multipath – an authorization bypass and a symlink assault tracked as CVE-2022-41974 and CVE-2022-41973 – to achieve root privileges.
Since the multipathd daemon runs by default as root, a profitable exploitation of the failings might allow an unprivileged menace actor to acquire the best permissions on the weak host and execute arbitrary code.