Announcement

**phoenix_rizzen** · 23 October 2023, 11:57 AM

Originally posted by kylew77 View Post

Thanks for this. I didn't know. The vulnerability that comes to mind for me is when they had a remote code execution vulnerability in the ping command.

You might want to read up on what the ping vulnerability actually is. It's a memory overflow by 40 bytes, not a remote code execution issue. And it's a memory overflow inside a sandbox with limited privileges. Is it a security issue? Yes. It causes the ping program to crash and could be used as a potential DoS attack. But it's not like you're taking control of a remote system with root access by sending a single ping to it.

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc

Announcement

FreeBSD 14.0-RC2 Pulls In OpenZFS 2.2, OpenSSH 9.5p1

Comment