The FreeBSD operating system maintainers have issued updates addressing a critical security vulnerability in the ping utility that could be exploited to crash the program or execute code remotely. This vulnerability, identified as CVE-2022-23093, affects all supported FreeBSD versions and involves a stack-based buffer overflow triggered by maliciously crafted packets.
The issue arises when ping reads raw IP packets to process responses in its pr_pack() function, as detailed in the official advisory. The function copies the IP and ICMP headers into stack buffers but does not account for any IP option headers that may follow the fixed IP header, so a packet carrying IP options can overflow the buffer by up to 40 bytes.
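The defensive pattern the advisory points at, as an added example that is not FreeBSD's ping code: validate the IHL field against the bytes actually received and copy the header into a buffer sized for the 60-byte worst case (20 fixed bytes plus up to 40 bytes of options). The function names, the ip_hdr_info struct and the constructed sample packet are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* An IPv4 header is 20 fixed bytes plus up to 40 bytes of options (IHL max 15). */
#define IP_HDR_MIN 20
#define IP_HDR_MAX 60

typedef struct {
    int ok;         /* 1 if the header is well-formed and fits the data received */
    size_t hlen;    /* total header length, options included */
    size_t optlen;  /* bytes of IP options, 0..40 */
} ip_hdr_info;

/* Check the IHL field against the received length, then copy the whole header
   (options included) into a buffer sized for the 60-byte worst case, rather than
   into a 20-byte stack buffer that assumes no options are present. */
ip_hdr_info parse_ip_header(const uint8_t *pkt, size_t len, uint8_t out[IP_HDR_MAX])
{
    ip_hdr_info info = {0, 0, 0};
    if (pkt == NULL || len < IP_HDR_MIN) return info;
    if ((pkt[0] >> 4) != 4) return info;            /* not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    if (hlen < IP_HDR_MIN || hlen > IP_HDR_MAX) return info;
    if (hlen > len) return info;                    /* header claims more than received */
    memcpy(out, pkt, hlen);                         /* bounded by IP_HDR_MAX */
    info.ok = 1; info.hlen = hlen; info.optlen = hlen - IP_HDR_MIN;
    return info;
}

/* Construct a sample packet (IPv4 header carrying `optlen` bytes of NOP options,
   then an 8-byte ICMP echo reply), drop `drop` trailing bytes to simulate a short
   read, and return the header length the parser accepts (0 if rejected). */
size_t accepted_header_len(size_t optlen, size_t drop)
{
    uint8_t pkt[IP_HDR_MAX + 8] = {0}, hdr[IP_HDR_MAX];
    size_t hlen = IP_HDR_MIN + optlen;
    if (optlen > 40 || optlen % 4 != 0 || drop > hlen + 8) return 0;
    pkt[0] = (uint8_t)(0x40 | (hlen / 4));      /* version 4, IHL in words */
    pkt[9] = 1;                                 /* protocol = ICMP */
    memset(pkt + IP_HDR_MIN, 0x01, optlen);     /* NOP options; ICMP type 0 stays zero */
    return parse_ip_header(pkt, hlen + 8 - drop, hdr).hlen;
}
```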
The FreeBSD Project has emphasized that the ping process operates within a capability mode sandbox, restricting its interaction with the operating system and thereby limiting the impact of any potential exploitation. Nevertheless, a successful attack on this vulnerability could still lead to significant risks, especially if combined with other exploits.
In addition to the updates from FreeBSD, OPNsense, a FreeBSD-based open-source firewall and routing platform, has also released a patch (version 22.7.9) to mitigate this security flaw along with addressing several other vulnerabilities. The ongoing vigilance within the FreeBSD community underscores the importance of prompt updates in maintaining security integrity.
Meanwhile, researchers from Qualys have reported a separate security flaw in the Linux operating system known as CVE-2022-3328, which emerges from a previous privilege escalation vulnerability (CVE-2021-44731). This latest vulnerability can be exploited in conjunction with other flaws in the multipathd service, enabling attackers to gain root privileges. Such escalations could allow a threat actor to execute arbitrary code on vulnerable systems.
As organizations increasingly rely on open-source software like FreeBSD and Linux, understanding and addressing these vulnerabilities becomes paramount for business owners. Potential adversary tactics, as defined in the MITRE ATT&CK framework, may include initial access through exploitation of public vulnerabilities, privilege escalation via successful exploitation of these identified flaws, and persistence through the use of backdoors or other means to maintain access once vulnerabilities are exploited.
The combination of these vulnerabilities highlights the ongoing risks associated with maintaining legacy systems. Businesses must remain vigilant and implement timely patches and security measures to safeguard sensitive data against evolving threats.