Date: Wed, 30 Nov 2022 18:58:09 -0300 From: Dev Null <devnull@apt322.org> To: mike tancsa <mike@sentex.net>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping Message-ID: <e9a7b2ca-a4a4-5b99-f915-0db46b60d1e8@apt322.org> In-Reply-To: <3dc86282-165d-8562-5cba-0da9896557b9@sentex.net> References: <20221130004601.043CE1C623@freefall.freebsd.org> <3dc86282-165d-8562-5cba-0da9896557b9@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Easily to exploit in a test environment, but difficult to be exploited in the wild, since the flaw only can be exploited in the ICMP reply, so the vulnerable machine NEEDS to make an ICMP request first. The attacker in this case, send a short reader in ICMP reply. -- Rafael Grether On 30/11/22 10:01, mike tancsa wrote: > > How likely is this bug exploited ? I am guessing Man-in-the-middle > makes this a little more of an issue potentially > > ---Mike >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e9a7b2ca-a4a4-5b99-f915-0db46b60d1e8>