Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: critical vulnerability in the FreeBSD Ping utility
Image
Published : 14/12/2022
Reference:
Advisory #2022-47
Version:
1.0
Affected software:
FreeBSD Ping module
Type:
CWE-121: Stack-based Buffer Overflow
CVE/CVSS:
CVE-2022-23093
9.8 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Sources
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Risks
FreeBSD has released a patch for a critical vulnerability in the “PING” module of the OS that could be exploited by a remote unauthenticated attacker. This could lead to a remote code execution (RCE).
The attack does not require any user interaction and can be executed remotely without privileges.
The impact to confidentiality, integrity and availability is high.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
Description
FreeBSD posted an advisory on the 29th of November detailing a vulnerability in the “ping” program. CVE-2022-23093 is a vulnerability that causes a stack-based buffer overflow when processing raw IP packets that have IP options present.
The function pr_pack() that processes responses, receives icmp packets, copies those packets into the stack buffer for further processing. This action fails to take in account the possible presence of IP option headers, causing a stack-based buffer overflow. This causes “ping” to crash, enabling a malicious host to possibly trigger a remote code execution.
Affected products
- FreeBSD OS ping module
- All supported versions
- Important to note that several vendors use FreeBSD as an underlying OS in their systems and products, especially for networking products like routers. For a comprehensive list you can navigate to Chapter 1. Introduction | FreeBSD Documentation Portal.
Recommended Actions
Patch
- Update FreeBSD to one of the versions below:
- 13.1-STABLE
- 13.1-RELEASE-p5
- 12.4-STABLE
- 12.4-RC2-p2
- 12.3-RELEASE-p10
- Update via binary patch
- Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:
- # freebsd-update fetch
- # freebsd-update install
- Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:
- Update via source code patch
- Follow the steps in the FreeBSD advisory
Mitigate/workaround
No workaround available
Monitor/Detect
The CCB recommends organizations to upscale monitoring and detection capabilities and to detect any related suspicious activity, ensuring a fast response in case of an intrusion.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify the device was not accessed from an unknown IP or location.
References
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)