Security News > 2022 > December > Ping of death! FreeBSD fixes crashtastic bug in network tool

Ping of death! FreeBSD fixes crashtastic bug in network tool
2022-12-05 19:59

One of the first low-level network tools that any computer user learns about is the venerable ping utility.

As a result, ping it uses a much lower-level protocol than TCP. Indeed, ping doesn't even use TCP's more casual cousin UDP, short for user datagram protocol, which a way of transmitting data chunks that is fast and easy, but is popularly referred to as send-and-hope.

Type 0x08. Officially called ICMP Echo, this sort of packet is usually called an ECHO REQUEST. It's what the ping program sends out in order to probe for active computers on the network.

At best, your ping program will crash; at worst as the FreeBSD security advisory generously admits, "It may be possible for a malicious host to trigger remote code execution in ping."

As the FreeBSD authors also point out, "[t]he ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrainted in how it can interact with the rest of the system at the point where the bug can occur.

Notably, the ping program is not only locked in a sandbox, but isn't running as root when the buggy code gets reached, as confirmed in the security advisory: "When ping runs, it creates the raw socket needed to do its work, and then revokes its elevated privileges."


News URL

https://nakedsecurity.sophos.com/2022/12/05/ping-of-death-freebsd-fixes-crashtastic-bug-in-network-tool/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Freebsd 4 5 58 93 30 186