• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical ping vulnerability allows remote attackers to take over freebsd

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

You are here: Home / General Cyber Security News / Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
December 5, 2022

The maintainers of the FreeBSD running program have introduced updates to remediate a security vulnerability impacting the ping module that could be likely exploited to crash the software or cause remote code execution.

The issue, assigned the identifier CVE-2022-23093, impacts all supported variations of FreeBSD and concerns a stack-centered buffer overflow vulnerability in the ping service.

“ping reads uncooked IP packets from the network to approach responses in the pr_pack() perform,” in accordance to an advisory posted last week.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

“The pr_pack() copies gained IP and ICMP headers into stack buffers for even more processing. In so performing, it fails to just take into account the probable presence of IP solution headers next the IP header in both the reaction or the quoted packet.”

As a consequence, the place buffer could be overflowed by up to 40 bytes when the IP possibility headers are present.

The FreeBSD Task famous that the ping procedure operates in a capability method sandbox and is for that reason constrained in how it can interact with the relaxation of the working procedure.

OPNsense, an open source, FreeBSD-dependent firewall and routing computer software, has also introduced a patch (edition 22.7.9) to plug the security gap, together with other issues.

The conclusions occur as researchers from Qualys thorough one more new vulnerability in the snap-confine program in the Linux running procedure, building on a past privilege escalation flaw (CVE-2021-44731) that came to gentle in February 2022.

Snaps are self-contained application offers that can be distributed by upstream developers to consumers.

The new shortcoming (CVE-2022-3328), launched as element of a patch for CVE-2021-44731, can be chained with two other flaws in multipathd referred to as Leeloo Multipath – an authorization bypass and a symlink attack tracked as CVE-2022-41974 and CVE-2022-41973 – to get root privileges.

Because the multipathd daemon operates by default as root, a productive exploitation of the flaws could empower an unprivileged risk actor to get hold of the highest permissions on the vulnerable host and execute arbitrary code.

Observed this article interesting? Comply with us on Twitter  and LinkedIn to go through extra exceptional content material we put up.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «google rolls out new chrome browser update to patch yet Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Next Post: French Hospital Halts Operations After Cyber-Attack Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.