Critical Ping Vulnerability Let Hackers Take Over FreeBSD Systems Remotely

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


A critical vulnerability in the FreeBSD operating system's ping utility allows attackers to execute arbitrary code and take over the system remotely. The operating system's developers recently released security updates. The flaw has been assigned CVE-2022-23093.

It is a stack-based buffer overflow in FreeBSD's ping program that affects all supported versions of the FreeBSD operating system.

Ping is a program that can be used to test the reachability of a remote host using ICMP messages. To send and receive ICMP messages, ping makes use of raw sockets and therefore requires elevated privileges.

"The memory safety bugs can be triggered by a remote host, causing the ping program to crash. It may be possible for a malicious host to trigger remote code execution in ping," the FreeBSD advisory reported.
  • CVE Name: CVE-2022-23093
  • Module: ping
  • Announced: 2022-11-29
  • Credits: Tom Jones
  • Affects: All supported versions of FreeBSD.

Ping Vulnerability Impact

In its pr_pack() function, ping reads raw IP packets from the network and processes them to produce responses. To make further processing of the IP and ICMP headers easier, pr_pack() copies the received data into stack buffers.

In doing so, it does not take into account that IP option headers may follow the IP header in either the response or the quoted packet.

When IP option headers are present, the destination buffer can be overflowed by as much as 40 bytes.
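The length logic behind that overflow, as an added illustration that is not the article's text and not FreeBSD's pr_pack() source: an IPv4 header is 20 bytes without options, but its 4-bit IHL field can describe up to 60 bytes, and an ICMP error reply additionally quotes the original packet's IP header (which may carry its own options) after the 8-byte ICMP header. The code below parses both lengths from a received buffer, models how far a copy into a 20-byte stack buffer would overrun when the length is never compared to the destination, and shows the hardened form that rejects the packet instead. The constants, function names and packet bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HDR_MIN   20u  /* IPv4 header without options */
#define IP_HDR_MAX   60u  /* IHL is 4 bits of 32-bit words: 15 * 4, i.e. up to 40 bytes of options */
#define ICMP_HDR_LEN 8u   /* fixed part of an ICMP message */

/* Header length in bytes from the IHL nibble, or 0 when the field is below
 * the minimum or claims more bytes than the captured packet holds. */
size_t ip_header_len(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < IP_HDR_MIN) return 0;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4u;
    if (hl < IP_HDR_MIN || hl > pkt_len) return 0;
    return hl;
}

/* ICMP error replies quote the offending packet's IP header after the 8-byte
 * ICMP header; that quoted header may carry options of its own. Returns the
 * quoted header's length, or 0 if any layer is malformed or truncated. */
size_t quoted_ip_header_len(const uint8_t *pkt, size_t pkt_len) {
    size_t outer = ip_header_len(pkt, pkt_len);
    if (outer == 0 || pkt_len - outer < ICMP_HDR_LEN) return 0;
    size_t off = outer + ICMP_HDR_LEN;
    return ip_header_len(pkt + off, pkt_len - off);
}

/* The unsafe pattern, modelled rather than executed: a copy into a stack
 * buffer sized for an option-less header, with the length taken from the
 * packet and never compared to the buffer. Returns how many bytes such a
 * copy would write past a 20-byte buffer (0 when there are no options). */
size_t unchecked_copy_overflow(size_t header_len) {
    return header_len > IP_HDR_MIN ? header_len - IP_HDR_MIN : 0;
}

/* Hardened form: the length is validated against the destination before
 * memcpy. Returns bytes copied, or 0 if the packet was rejected. */
size_t checked_copy_header(const uint8_t *pkt, size_t pkt_len,
                           uint8_t *dst, size_t dst_len) {
    size_t hl = ip_header_len(pkt, pkt_len);
    if (hl == 0 || hl > dst_len) return 0;  /* reject instead of overflowing */
    memcpy(dst, pkt, hl);
    return hl;
}

/* Constructed samples (not real captures): only byte 0 of each IP header is
 * meaningful here (version 4 + IHL); everything else is zero filler. */
const uint8_t PKT_NO_OPTS[IP_HDR_MIN]  = { 0x45 };  /* IHL 5  -> 20 bytes */
const uint8_t PKT_MAX_OPTS[IP_HDR_MAX] = { 0x4f };  /* IHL 15 -> 60 bytes */
/* Outer header without options, an 8-byte ICMP header (type 3), then a
 * quoted header carrying 40 bytes of options. */
const uint8_t PKT_QUOTED[IP_HDR_MIN + ICMP_HDR_LEN + IP_HDR_MAX] = {
    [0] = 0x45, [IP_HDR_MIN] = 0x03, [IP_HDR_MIN + ICMP_HDR_LEN] = 0x4f };

/* Scratch destinations sized like an option-less buffer and a hardened one. */
uint8_t dst_small[IP_HDR_MIN];
uint8_t dst_large[IP_HDR_MAX];

int main(void) {
    size_t hl = ip_header_len(PKT_MAX_OPTS, sizeof PKT_MAX_OPTS);
    printf("response header: %zu bytes, unchecked copy overruns by %zu\n",
           hl, unchecked_copy_overflow(hl));
    size_t qhl = quoted_ip_header_len(PKT_QUOTED, sizeof PKT_QUOTED);
    printf("quoted header: %zu bytes, unchecked copy overruns by %zu\n",
           qhl, unchecked_copy_overflow(qhl));
    printf("checked copy into 20-byte buffer: %zu, into 60-byte buffer: %zu\n",
           checked_copy_header(PKT_MAX_OPTS, sizeof PKT_MAX_OPTS, dst_small, sizeof dst_small),
           checked_copy_header(PKT_MAX_OPTS, sizeof PKT_MAX_OPTS, dst_large, sizeof dst_large));
    return 0;
}
```

The 40-byte figure the advisory gives falls out directly: a 60-byte header copied into space reserved for 20 bytes overruns by exactly the maximum option length, and the same arithmetic applies to the quoted header inside an ICMP error. The fix is to size the destination for IP_HDR_MAX and to reject any length that exceeds it, rather than trusting the IHL field from the wire.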

A remote host can trigger this memory safety bug to crash the ping program, and a malicious host may be able to use it to achieve remote code execution in ping.

This finding comes shortly after security researchers at Qualys discovered a new vulnerability in the snap-confine application shipped with Linux.

"The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur."

Solution

To protect vulnerable systems, users are urged to upgrade them immediately to a supported FreeBSD release (releng) dated after the correction.

According to the maintainers of the FreeBSD operating system, there is currently no workaround for this problem.

How to update?

There are two ways to update a FreeBSD system; both are described below:

Update via a binary patch

  • Users of the RELEASE version of FreeBSD on the amd64, i386, or arm64 platforms can bring their systems up to date with the freebsd-update(8) utility by running the following commands:
  • freebsd-update fetch
  • freebsd-update install

Update via a source code patch

  • First, download the relevant patch from the following locations:
  • fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch
  • fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch.asc
  • Next, verify the detached PGP signature with your PGP utility:
  • gpg --verify ping.patch.asc
  • Apply the patch by executing the following commands as root:
  • cd /usr/src
  • patch < /path/to/patch
  • Finally, recompile and reinstall the operating system using buildworld and installworld.
