Buffer Overflow vulnerability in FreeBSD

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

A vulnerability in FreeBSD ping has been discovered that could allow remote code execution. A remote host can trigger the memory safety bug, causing the ping program to crash. Ping runs inside a capability mode sandbox on all affected versions of FreeBSD, so at the point where this bug can occur, it is very restricted in its ability to interact with the rest of the system.