* [Cerowrt-devel] Fwd: Remote code execution bug in FreeBSD's ping (CVE-2022-23093)
[not found] <DM4PR18MB4254443C49D441785E22DF20AB149@DM4PR18MB4254.namprd18.prod.outlook.com>
@ 2022-12-01 17:18 ` Dave Taht
0 siblings, 0 replies; only message in thread
From: Dave Taht @ 2022-12-01 17:18 UTC (permalink / raw)
To: cerowrt-devel
ping.
---------- Forwarded message ---------
From: Mike Lewinski via NANOG <nanog@nanog.org>
Date: Thu, Dec 1, 2022 at 9:16 AM
Subject: Remote code execution bug in FreeBSD's ping (CVE-2022-23093)
To: nanog@nanog.org <nanog@nanog.org>
Ooof.
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Some hope here: "The ping process runs in a capability mode sandbox on
all affected versions of FreeBSD and is thus very constrainted in how
it can interact with the rest of the system at the point where the bug
can occur."
Lots of other things are based on FreeBSD and may be affected,
including firewalls like pfsense and OPNsense and possibly Junos. At
the least I expect host discovery is ramping up by now.
--
This song goes out to all the folk that thought Stadia would work:
https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht CEO, TekLibre, LLC
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-12-01 17:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <DM4PR18MB4254443C49D441785E22DF20AB149@DM4PR18MB4254.namprd18.prod.outlook.com>
2022-12-01 17:18 ` [Cerowrt-devel] Fwd: Remote code execution bug in FreeBSD's ping (CVE-2022-23093) Dave Taht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox