[talk] PingForShell

Raul Cuza raulcuza at gmail.com
Mon Dec 5 09:25:01 EST 2022


I made up that name for CVE-2022-23093 and release it under CopyHumor
license.

But seriously, am I bonkers to think Hacker News is yellow journalism when
it says ping can be used to take over a FreeBSD box
(https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html)?

The FreeBSD announcement
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
clearly says it runs in a sandbox and has limited execution options.

Someone who knows more please enlighten.

Thank you. R