FreeBSD-SA-25:12.rtsold.asc clarification needed
- Reply: Polarian : "Re: FreeBSD-SA-25:12.rtsold.asc clarification needed"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 22 Dec 2025 20:17:49 UTC
Just trying to better understand this issue as it says no work around is available yet if ipv6 is disabled, this seems like a work around ? No workaround is available. Users not using IPv6, and IPv6 users that do not configure the system to accept router advertisement messages, are not affected. A network interface listed by ifconfig(8) accepts router advertisement messages if the string "ACCEPT_RTADV" is present in the nd6 option list. The issue seems to be in userland with the patch being --- usr.sbin/rtsold/rtsol.c.orig +++ usr.sbin/rtsold/rtsol.c And more specifically, to be vulnerable, does rtsold need to be actually running ? Or does the program get called by the kernel somehow. ie. I need rtsold_enable="YES" in /etc/rc.conf and seeing ACCEPT_RTADV in ifconfig is not actually sufficient to be vulnerable to this ? Is patching the userland daemon enough ? It seems to be "Restart the applicable daemons, or reboot the system." ---Mike