Critical Ping bug potentially allows remote hack of FreeBSD systems

Home/BOTNET, Compromised, Data Breach, Evilproxy, Exploitation, hackers, Internet Security, IOC's, malicious cyber actors, Malicious extension, Malware/Critical Ping bug potentially allows remote hack of FreeBSD systems

Critical Ping bug potentially allows remote hack of FreeBSD systems

A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems.


The vulnerability exists due to a boundary error within the pr_pack() function in ping(8) when processing IP option headers following the IP header in either the response or the quoted packet. A remote attacker can send a specially crafted ICMP response to the affected system, trigger a stack-based buffer overflow and potentially execute arbitrary code on the target system.

OPNsense, an open source, FreeBSD-based firewall and routing software, has also released a patch (version 22.7.9) to plug the security hole, along with other issues.

The Project noted that the ping process runs in a capability mode sandbox and is therefore constrained in how it can interact with the rest of the operating system.

The new shortcoming (CVE-2022-3328), introduced as part of a patch for CVE-2021-44731, can be chained with two other flaws in multipathd called Leeloo Multipath – an authorization bypass and a symlink attack tracked as CVE-2022-41974 and CVE-2022-41973 – to gain root privileges.

Vulnerable software versions

FreeBSD: 12.0 – 13.1

Researchers are recommended to upgrade vulnerable systems to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!