• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical ping vulnerability allows remote attackers to take over freebsd

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

You are here: Home / General Cyber Security News / Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
December 5, 2022

The maintainers of the FreeBSD running program have introduced updates to remediate a security vulnerability impacting the ping module that could be likely exploited to crash the software or cause remote code execution.

The issue, assigned the identifier CVE-2022-23093, impacts all supported variations of FreeBSD and concerns a stack-centered buffer overflow vulnerability in the ping service.

“ping reads uncooked IP packets from the network to approach responses in the pr_pack() perform,” in accordance to an advisory posted last week.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

“The pr_pack() copies gained IP and ICMP headers into stack buffers for even more processing. In so performing, it fails to just take into account the probable presence of IP solution headers next the IP header in both the reaction or the quoted packet.”

As a consequence, the place buffer could be overflowed by up to 40 bytes when the IP possibility headers are present.

The FreeBSD Task famous that the ping procedure operates in a capability method sandbox and is for that reason constrained in how it can interact with the relaxation of the working procedure.

OPNsense, an open source, FreeBSD-dependent firewall and routing computer software, has also introduced a patch (edition 22.7.9) to plug the security gap, together with other issues.

The conclusions occur as researchers from Qualys thorough one more new vulnerability in the snap-confine program in the Linux running procedure, building on a past privilege escalation flaw (CVE-2021-44731) that came to gentle in February 2022.

Snaps are self-contained application offers that can be distributed by upstream developers to consumers.

The new shortcoming (CVE-2022-3328), launched as element of a patch for CVE-2021-44731, can be chained with two other flaws in multipathd referred to as Leeloo Multipath – an authorization bypass and a symlink attack tracked as CVE-2022-41974 and CVE-2022-41973 – to get root privileges.

Because the multipathd daemon operates by default as root, a productive exploitation of the flaws could empower an unprivileged risk actor to get hold of the highest permissions on the vulnerable host and execute arbitrary code.

Observed this article interesting? Comply with us on Twitter  and LinkedIn to go through extra exceptional content material we put up.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «google rolls out new chrome browser update to patch yet Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Next Post: French Hospital Halts Operations After Cyber-Attack Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Freejacking Campaign By PurpleUrchin Bypasses Captchas
  • ChatGPT Used to Develop New Malicious Tools
  • Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy
  • Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL
  • New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
  • UK insurer announces ‘world-first’ cyber catastrophe bond
  • Why Do User Permissions Matter for SaaS Security?
  • FCC plans strict overhaul of 15-year-old US data breach regulations
  • Security updates for Windows 7 finally end, users urged to upgrade
  • Global Cyber-Attack Volume Surges 38% in 2022

Copyright © TheCyberSecurity.News, All Rights Reserved.