Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping
- Reply: Ed Maste : "Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping"
- In reply to: Brooks Davis : "Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping"
Date: Thu, 01 Dec 2022 15:27:44 UTC
On 11/30/2022 5:38 PM, Brooks Davis wrote:
> It's probably also worth considering it as a local privilege escalation
> attack. The attacker will need to control a ping server, but it's often
> the case that enough ICMP traffic is allowed out for that to work and in
> that case they have unlimited tries to defeat any statistical mitigations
> (unless the admin spots all the ping crashes).

My concern is the "evil server in the middle" ... Things like route hijacking are not that uncommon. I have a number of IoT devices out there I will need to patch, some still based on RELENG_11. The patch doesn't apply cleanly, but looking at the source code, there are a bunch of spots where

#ifdef IP_OPTIONS

If I put on the top of sbin/ping.c

undef IP_OPTIONS

will the code that is problematic get compiled out and avoid the issue?

ping.c:#ifdef IP_OPTIONS
ping.c:#ifdef IP_OPTIONS
ping.c: if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
ping.c: err(EX_OSERR, "setsockopt IP_OPTIONS");
ping.c:#endif /* IP_OPTIONS */

For now, I would rather push a patched ping which I can do quickly to a few hundred devices.

---Mike