Actions
Bug #13716
closedCVE-2022-23093 / FreeBSD-SA-22:15.ping
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
Ref: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Not a significant concern for pfSense software:
- It only affects the
/sbin/ping
binary, it does not affectdpinger
(the source of most ICMP traffic from pfSense software). - It only affects specifically malformed packets received by the
ping
binary itself, not the IP stack. Soping
has to have initiated the communication and be waiting for a response, it cannot happen unsolicited. - There are a very small number of things in pfSense which initiate a
ping
using the affected binary, so unless a user is manually pinging a compromised remote host from the firewall itself, there is little to no opportunity to exploit it. - The
ping
process runs in a capability mode sandbox and drops privileges needed to do most harm before the point where the crash occurs.
We have patched the src trees and any future releases we make (including new snapshots) will include a fixed binary.
Updated by Jim Pingle about 2 years ago
Further clarification from FreeBSD makes it even more clear this amounts to nothing:
We've seen many blog posts and news articles about this issue and unfortunately most of them get the details wrong. So, to clarify: - This issue affects only /sbin/ping, not kernel ICMP handling. - The issue relies on receipt of malicious packet(s) while the ping utility is running (i.e., while pinging a host). - ping(8) is setuid root, but drops privilege (to that of the user executing it) after opening sockets but before sending or receiving data. - ping(8) runs in a Capsicum capability sandbox, such that even in the event of a compromise the attacker is quite limited (has no access to global namespaces, such as the filesystem). - It is believed that exploitation is not possible due to the stack layout on affected platforms.
Actions