Possible vulnerability in 'ping'

MWareman · December 12, 2022

I believe Polisy is based on FreeBSD. As such, the recently revealed vulnerability in 'ping' may well affect it.

Is this on the UDI teams radar to test for and mitigate?

https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html

Thank you!

larryllix · December 12, 2022

8 hours ago, MWareman said:

I believe Polisy is based on FreeBSD. As such, the recently revealed vulnerability in 'ping' may well affect it.

Is this on the UDI teams radar to test for and mitigate?

https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html

Thank you!

@Michel Kohanim

Bumbershoot · December 12, 2022

Looks like this vulnerability was corrected in the repositories last month, so it's very likely your Polisy OS is fixed if you've clicked on the "Upgrade Packages" button after the correction date below of 2022-11-29:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-22:15.ping                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Stack overflow in ping(8)

Category:       core
Module:         ping
Announced:      2022-11-29
Credits:        Tom Jones
Affects:        All supported versions of FreeBSD.
Corrected:      2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE)
                2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5)
                2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE)
                2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2)
                2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10)
CVE Name:       CVE-2022-23093

EDIT: For what it's worth, from a quick look at the files on my Polisy at '/usr/local/etc/pkg/repos', it appears that my Polisy is getting updated files from both the FreeBSD project and UDI specific repos. My guess is that UDI maintains a FreeBSD mirror as well as having a repository for their own software.

This should mean that any updated packages from the FreeBSD maintainers should be passed along to Polisy users in relatively short order, provided users update their machines.

Edited December 12, 2022 by Bumbershoot

brians · December 12, 2022

This is only if you ping a bad host that contain the exploit.

If you don't go around pinging everything withing a polisy shell, then no worries.

Michel Kohanim · December 14, 2022

@MWareman, yes, 13.1p5 has already fixed it (released last week).

To upgrade please use the Admin Console.

With kind regards,
Michel

MWareman · December 15, 2022

Thank you!

MWareman · December 16, 2022

On 12/14/2022 at 1:05 PM, Michel Kohanim said:

@MWareman, yes, 13.1p5 has already fixed it (released last week).

To upgrade please use the Admin Console.

With kind regards,
Michel

Update appears to be failing. Spinning up many, (pages of them!).

polyglot 2233   0.0  1.1  84736  44796  -  I    23:24    0:11.20 python3 ./elk-poly.py (python3.9)
root     2919   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2921   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2923   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2925   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2928   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2930   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2932   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2982   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2984   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2986   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2988   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2990   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3032   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3054   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3056   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3058   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3060   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3062   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3064   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3066   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3068   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3070   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3072   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3074   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3076   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3078   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3080   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3082   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3084   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3086   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3088   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3090   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3092   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3094   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3096   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3098   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3100   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3103   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3106   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3109   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3112   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3115   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3118   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3120   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3122   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3124   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3126   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3128   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3130   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3132   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3134   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3136   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3138   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y

Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)

New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

larryllix · December 16, 2022

6 hours ago, MWareman said:

Update appears to be failing. Spinning up many, (pages of them!).

polyglot 2233   0.0  1.1  84736  44796  -  I    23:24    0:11.20 python3 ./elk-poly.py (python3.9)
root     2919   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2921   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2923   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2925   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2928   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2930   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2932   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2982   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2984   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2986   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2988   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2990   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3032   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3054   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3056   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3058   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3060   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3062   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3064   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3066   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3068   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3070   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3072   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3074   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3076   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3078   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3080   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3082   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3084   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3086   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3088   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3090   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3092   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3094   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3096   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3098   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3100   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3103   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3106   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3109   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3112   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3115   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3118   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3120   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3122   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3124   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3126   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3128   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3130   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3132   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3134   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3136   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3138   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y

Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)

New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

See (to fix)

MWareman · December 16, 2022

57 minutes ago, larryllix said:

See (to fix)

Thank you! Fixed it for me as well...

larryllix · December 16, 2022

3 minutes ago, MWareman said:

Thank you! Fixed it for me as well...

Yeah @Michel Kohanim reported they found the initial update process was flawed and was fixing it. Sure caused some commotion here for me for a night though.

asbril · December 16, 2022

3 hours ago, larryllix said:

for a night

and your nights are long this time of the year :-)

larryllix · December 16, 2022

2 hours ago, asbril said:

and your nights are long this time of the year

I used the laughing emoticon 'cause there was no finger bird.

Sign In

Possible vulnerability in 'ping'

Recommended Posts

MWareman

larryllix

Bumbershoot

brians

Michel Kohanim

MWareman

MWareman

larryllix

MWareman

larryllix

asbril

larryllix

Recently Browsing

Who's Online (See full list)

Forum Statistics

Browse

Activity