Date: Mon, 22 Dec 2025 21:03:08 +0000 From: Polarian <polarian@polarian.dev> To: freebsd-security@freebsd.org Subject: Re: FreeBSD-SA-25:12.rtsold.asc clarification needed Message-ID: <20251222210308.4352ee6f@Hydrogen> In-Reply-To: <a4d9a76b-3812-475e-9f2f-b885c5f5960a@sentex.net>
index | next in thread | previous in thread | raw e-mail
Hey, I discussed this within #freebsd on libera.chat. > Just trying to better understand this issue as it says no work around > is available yet if ipv6 is disabled, this seems like a work around ? So is unplugging the ethernet cable and burying the device in a lead box surrounded in 3 metres of concrete. > And more specifically, to be vulnerable, does rtsold need to be > actually running ? Or does the program get called by the kernel > somehow. ie. I need rtsold_enable="YES" in /etc/rc.conf and seeing > ACCEPT_RTADV > in ifconfig is not actually sufficient to be vulnerable to this ? This was a misconception which was explained within #freebsd. rtsol actually is poorly named, as rtsol actually handles rtadv. If you have ACCEPT_RTADV option on your interface, router advertisement packets received is passed to rtsol. So if ACCEPT_RTADV AND OR rtsold is in use, you are vulnerable to the RCE. On your home network this is not a big deal, but if you use your device on public wifi it would be quite the concern. > Is patching the userland daemon enough ? It seems to be No. Hope this helps, and I hope I properly relayed the solution from IRC. Take care, -- Polarian Jabber/XMPP: polarian@icebound.devhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20251222210308.4352ee6f>