Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

Reply: mike tancsa : "Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping"
In reply to: mike tancsa : "Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dev Null <devnull_at_apt322.org>
Date: Wed, 30 Nov 2022 21:58:09 UTC

Easily to exploit in a test environment, but difficult to be exploited 
in the wild, since the flaw only can be exploited in the ICMP reply, so 
the vulnerable machine NEEDS to make an ICMP request first.

The attacker in this case, send a short reader in ICMP reply.

-- Rafael Grether

On 30/11/22 10:01, mike tancsa wrote:
>
> How likely is this bug exploited ?  I am guessing Man-in-the-middle 
> makes this a little more of an issue potentially
>
>     ---Mike
>