Re: FreeBSD-SA-25:12.rtsold.asc clarification needed

Reply: mike tancsa : "Re: FreeBSD-SA-25:12.rtsold.asc clarification needed"
In reply to: mike tancsa : "Re: FreeBSD-SA-25:12.rtsold.asc clarification needed"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Polarian <polarian_at_polarian.dev>
Date: Mon, 22 Dec 2025 21:51:28 UTC

Hey,

> I am trying to understand if rtsold is not running and not enabled,
> what from the kernel would spin that up to expose the code path that
> is patched in the advisory?

I don't get where you are getting a kernel vulnerability from.

The advisory already explains that the RCE comes from a lack of input
validation on the domain search field. This is a userspace
vulnerability.

This passed to resolvconf which does not validate its input, which
therefore allows for an RCE.

So why we talking about code paths within the kernel? Its not within
the networking stack, it is a vulnerability within the userspace
utilities.

-- 
Polarian
Jabber/XMPP: polarian@icebound.dev