
Warning: critical vulnerability in the FreeBSD Ping utility

Reference: Advisory #2022-47
Version: 1.0
Affected software: FreeBSD Ping module
Type: CWE-121: Stack-based Buffer Overflow
CVE/CVSS: CVE-2022-23093
9.8 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sources

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc

Risks

FreeBSD has released a patch for a critical vulnerability in the “ping” module of the OS that could be exploited by a remote unauthenticated attacker. This could lead to remote code execution (RCE).

The attack does not require any user interaction and can be executed remotely without privileges.

The impact to confidentiality, integrity and availability is high.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

Description

FreeBSD posted an advisory on the 29th of November detailing a vulnerability in the “ping” program. CVE-2022-23093 is a vulnerability that causes a stack-based buffer overflow when processing raw IP packets that have IP options present.

The function pr_pack(), which processes responses, receives ICMP packets and copies them into a stack buffer for further processing. This copy fails to take into account the possible presence of IP option headers, causing a stack-based buffer overflow. This causes “ping” to crash and may enable a malicious host to trigger remote code execution.
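As an added defensive illustration (this is not FreeBSD's ping source; the names copy_ip_header_checked, build_reply and check_reply, and the buffer sizes, are hypothetical), the snippet below shows the check a parser needs before copying a raw IPv4 reply into a fixed-size stack buffer: derive the real header length from the IHL field so that option bytes are counted, and refuse the copy when that length exceeds the destination. A 20-byte buffer is only safe for a header without options; a header with options can be up to 60 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not FreeBSD code. All identifiers are hypothetical. */

#define IP_MIN_HLEN   20   /* IPv4 header without options               */
#define IP_MAX_HLEN   60   /* IHL nibble max 15 * 4 bytes               */
#define ICMP_MIN_LEN   8   /* type, code, checksum, identifier, sequence */

/* Header length in bytes as encoded in the IHL nibble (units of 4 bytes). */
static size_t ip_hdr_len(const uint8_t *pkt)
{
    return (size_t)(pkt[0] & 0x0f) * 4;
}

/*
 * Copy the IPv4 header of a raw reply (options included) into a
 * caller-provided buffer of dst_len bytes. Returns the number of bytes
 * copied, or -1 when the packet is malformed or the header would not fit.
 * The comparison against dst_len is the check that an unchecked copy into
 * a fixed 20-byte stack buffer lacks when IP options are present.
 */
static int copy_ip_header_checked(const uint8_t *pkt, size_t pkt_len,
                                  uint8_t *dst, size_t dst_len)
{
    if (pkt == NULL || dst == NULL || pkt_len < IP_MIN_HLEN)
        return -1;
    if ((pkt[0] >> 4) != 4)                       /* not IPv4 */
        return -1;

    size_t hlen = ip_hdr_len(pkt);
    if (hlen < IP_MIN_HLEN || hlen > IP_MAX_HLEN) /* IHL out of range */
        return -1;
    if (hlen > pkt_len || pkt_len - hlen < ICMP_MIN_LEN)
        return -1;                                /* truncated on the wire */
    if (hlen > dst_len)                           /* would overflow dst */
        return -1;

    memcpy(dst, pkt, hlen);
    return (int)hlen;
}

/*
 * Build a constructed echo reply for testing: an IPv4 header carrying
 * opt_len bytes of NOP options, followed by a minimal ICMP echo reply.
 * Returns the total packet length written to out, or 0 on bad arguments.
 */
static size_t build_reply(uint8_t *out, size_t out_len, size_t opt_len)
{
    size_t hlen = IP_MIN_HLEN + opt_len;
    size_t total = hlen + ICMP_MIN_LEN;
    if (opt_len % 4 != 0 || hlen > IP_MAX_HLEN || total > out_len)
        return 0;
    memset(out, 0, total);
    out[0] = (uint8_t)(0x40 | (hlen / 4));        /* version 4, IHL       */
    out[2] = (uint8_t)(total >> 8);               /* total length, BE     */
    out[3] = (uint8_t)(total & 0xff);
    out[9] = 1;                                   /* protocol = ICMP      */
    memset(out + IP_MIN_HLEN, 0x01, opt_len);     /* NOP options          */
    out[hlen] = 0;                                /* ICMP type 0 = reply  */
    return total;
}

/*
 * Build a reply with opt_len option bytes, optionally drop `trim` bytes
 * from its end to simulate truncation, and try to copy the header into a
 * destination of dst_len bytes (at most IP_MAX_HLEN). Returns the result
 * of copy_ip_header_checked().
 */
static int check_reply(size_t opt_len, size_t dst_len, size_t trim)
{
    uint8_t pkt[IP_MAX_HLEN + ICMP_MIN_LEN];
    uint8_t dst[IP_MAX_HLEN];
    size_t n = build_reply(pkt, sizeof pkt, opt_len);
    if (n == 0 || trim > n || dst_len > sizeof dst)
        return -1;
    return copy_ip_header_checked(pkt, n - trim, dst, dst_len);
}

int main(void)
{
    printf("no options, 20-byte dst : %d\n", check_reply(0, 20, 0));   /* 20 */
    printf("40B options, 20-byte dst: %d\n", check_reply(40, 20, 0));  /* -1 */
    printf("40B options, 60-byte dst: %d\n", check_reply(40, 60, 0));  /* 60 */
    printf("40B options, truncated  : %d\n", check_reply(40, 60, 8));  /* -1 */
    return 0;
}
```

The rejected cases are exactly those where an unchecked memcpy sized for the optionless header would have written past a 20-byte stack buffer or read past the end of the received data.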

Affected products

  • FreeBSD OS ping module
    • All supported versions
  • Note that several vendors use FreeBSD as the underlying OS in their systems and products, especially networking products such as routers. For a comprehensive list, see Chapter 1. Introduction | FreeBSD Documentation Portal.

Recommended actions

Patch

  • Update FreeBSD to one of the versions below:
    • 13.1-STABLE
    • 13.1-RELEASE-p5
    • 12.4-STABLE
    • 12.4-RC2-p2
    • 12.3-RELEASE-p10
  • Update via binary patch
    • Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:
      • # freebsd-update fetch
      • # freebsd-update install
  • Update via source code patch
    • Follow the steps in the FreeBSD advisory

Mitigate/workaround

No workaround available

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to detect any related suspicious activity, ensuring a fast response in case of an intrusion.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify the device was not accessed from an unknown IP or location.

References

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)