[talk] PingForShell
Raul Cuza
raulcuza at gmail.com
Mon Dec 5 09:25:01 EST 2022
I made up that name for CVE-2022-23093 and release it under CopyHumor
license.
But seriously am I bonkers to think Hacker news is yellow journalism when
it says ping can be used to take over a FreeBSD box (
https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html)?
The FreeBSD announcement
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
clearly says it runs in a sandbox and has limited execution options.
Someone who knows more please enlighten.
Thank you. R
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20221205/c0c5c1da/attachment.htm>
More information about the talk
mailing list