Date: Mon, 22 Dec 2025 23:23:11 +0000
From: Polarian <polarian@polarian.dev>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-25:12.rtsold.asc clarification needed
Message-ID: <20251222232311.1939bf75@Hydrogen>
In-Reply-To: <9db9807a-a05e-4bcf-85b5-8e921db91f5b@denninger.net>
References: <a4d9a76b-3812-475e-9f2f-b885c5f5960a@sentex.net> <20251222210308.4352ee6f@Hydrogen> <479965af-2f24-4ee5-b938-adc1e5eea2a4@sentex.net> <20251222211100.3f245825@Hydrogen> <a4d9d318-e92c-4294-94e3-0d7b5a0126de@sentex.net> <20251222215128.212a1040@Hydrogen> <e9385ca9-d826-4f5e-9df5-169f2d5a0133@sentex.net> <9db9807a-a05e-4bcf-85b5-8e921db91f5b@denninger.net>

Hey,

> When I asked if patching the userland code was enough, you said no.

Sorry, I must have misunderstood.

> Without rtsold if you have an interface that goes down and comes back
> up you likely will not get routes (including default) until the
> gateway performs its next timed transmission (typically 10 minutes.)

To my knowledge, rtsold sends out router solicitation, this has nothing to do with resolvconf, so actually I am not 100% sure I understand how rtsold can be used in this RCE.

The domain search would be within the advertisement, and thus parsed by rtsol and passed to resolvconf, this is where the RCE exploit could take place.

In any case rtsold and rtsol are both used in SLAAC, and whether it's just one of them, or both of them play a part in the RCE, the solution is the same.

Rebooting if you can spare the minute downtime is your best bet, if not netif restart should ensure the patch is applied.

Take care,
--
Polarian
Jabber/XMPP: polarian@icebound.dev

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20251222232311.1939bf75>
