Re: FreeBSD-SA-25:12.rtsold.asc clarification needed

From: Polarian <polarian_at_polarian.dev>
Date: Mon, 22 Dec 2025 21:03:08 UTC

Hey,

I discussed this within #freebsd on libera.chat.

> Just trying to better understand this issue as it says no workaround
> is available yet if IPv6 is disabled, this seems like a workaround?

So is unplugging the ethernet cable and burying the device in a lead
box surrounded in 3 metres of concrete.

> And more specifically, to be vulnerable, does rtsold need to be
> actually running? Or does the program get called by the kernel
> somehow. i.e. I need rtsold_enable="YES" in /etc/rc.conf and seeing
> ACCEPT_RTADV in ifconfig is not actually sufficient to be vulnerable
> to this?

This was a misconception which was explained within #freebsd. rtsol
actually is poorly named, as rtsol actually handles rtadv. If you have
the ACCEPT_RTADV option on your interface, router advertisement packets
received are passed to rtsol.

So if ACCEPT_RTADV AND/OR rtsold is in use, you are vulnerable to the
RCE. On your home network this is not a big deal, but if you use your
device on public Wi-Fi it would be quite the concern.

> Is patching the userland daemon enough? It seems to be

No.

Hope this helps, and I hope I properly relayed the solution from IRC.

Take care,
-- 
Polarian
Jabber/XMPP: polarian@icebound.dev
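
A way to check a host for the two conditions the message above names, ACCEPT_RTADV on an interface and rtsold enabled in rc.conf. This is an added example, not part of the original message or of FreeBSD; the function names and the sample `ifconfig` and rc.conf text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags the two conditions named in the message.
# All sample data below is constructed.

# Read `ifconfig` output on stdin; print each interface whose nd6 options
# line carries the ACCEPT_RTADV flag.
rtadv_ifaces() {
    awk '
        /^[^ \t]/ { ifname = $1; sub(/:$/, "", ifname) }
        /^[ \t]+nd6 options=/ && /[<,]ACCEPT_RTADV[,>]/ { print ifname }
    '
}

# Read rc.conf text on stdin; succeed if the last rtsold_enable assignment
# is a value rc.subr treats as true (YES, TRUE, ON or 1, any case).
rtsold_enabled() {
    val=$(grep -E '^[[:space:]]*rtsold_enable=' | tail -n 1 |
          sed 's/#.*//' | cut -d= -f2 | tr -d "\"' \t") || val=""
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

sample_ifconfig() {   # constructed ifconfig output
    cat <<'EOF'
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
em1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
EOF
}

sample_rcconf() {     # constructed /etc/rc.conf
    cat <<'EOF'
hostname="laptop.example"
#rtsold_enable="NO"
rtsold_enable="YES"   # start rtsold at boot
EOF
}

echo "ACCEPT_RTADV set on: $(sample_ifconfig | rtadv_ifaces | tr '\n' ' ')"
if sample_rcconf | rtsold_enabled; then
    echo "rtsold_enable: YES"
else
    echo "rtsold_enable: no"
fi
```

On a FreeBSD host, feed the functions live data instead of the samples: `ifconfig | rtadv_ifaces` and `rtsold_enabled < /etc/rc.conf`.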