RCE via ND6 Router Advertisements in FreeBSD

https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc
23•weeha•1h ago

Comments

imvetri•1h ago
Is my understanding right?

"PC or computers or hardware that uses OS that consume FreeBSD, has a faulty software for the router's firmware?"

"The router's software performs ad distributions?"

"The version of internet, the router uses, is updated, whereas, the target machine, or the user's machine is still running an old version"

"The security patch works for the modern but not the precursor version?"

"This leaves older systems obsolete in the market?"

"is this a step-by-step instructions to business owners to introduce new products, selling that older products are obsolete" ?

eptcyka•1h ago
No, I don't think you are understanding this right, but there are some good questions you are asking. Where is the flag button?

If you are a real human, the most interesting question you're bringing up is What about all the appliances backed by FreeBSD? Yes, they are obsolete if they use IPv6 and accept RAs and if they don't get updates.

jacquesm•1h ago
That was my first thought, if this is an embedded system without an update path this will be super hard to solve. People usually are not even aware of what OS their appliances run under the hood and whether or not they are updated automatically and how to update them if they are not.

jacquesm•1h ago
Oh that's a nasty one, embedded FreeBSD users will have a hard time mitigating this.

formerly_proven•59m ago
Free jailbreaks for everyone though!

jacquesm•49m ago
We had a soccer player in NL that was wildly popular and he had these funny remarks every now and then which got him nicknamed the most well known Dutch philosopher. One of these was 'every advantage has its disadvantage', I guess this is one of those.

TekMol•1h ago

    vulnerable to remote code execution from
    systems on the same network segment

Isn't almost every laptop these days autoconnecting to known network names like "Starbucks" etc, because the user used it once in the past?

That would mean that every FreeBSD laptop in proximity of an attacker is vulnerable, right? Since the attacker could just create a hotspot with the SSID "Starbucks" on their laptop and the victim's laptop will connect to it automatically.

francasso•55m ago
If you run FreeBSD on your laptop you don't auto connect to public WiFi.

Joking, but not that much :)

badgersnake•13m ago
Your wifi chip probably isn’t supported tbh.

hhh•54m ago
dozens of people will be affected

rs_rs_rs_rs_rs•1h ago
IPv6 is a prerequisite for the bug to be exploited, it won't affect anyone.

ale42•55m ago
Why, is IPv6 activation manual in FreeBSD?

rs_rs_rs_rs_rs•50m ago
It's enabled by default, I was mostly talking about being in a lan with active ipv6, imo that's not that common.

shakna•49m ago
That's pretty standard where I am. Every Telstra router comes with IPv6 enabled.

ale42•24m ago
IMHO you do not need "active" IPv6. Most LANs (unless you have some switch-level filtering that blocks router advertisements from "unauthorized" nodes) can transport such IPv6 packets. Then it just takes being connected to the LAN and being able to send an arbitrary ICMP6 packet (which probably means being root on the attacker machine, not a very high barrier I'd say).
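
Added example, not part of the thread or the advisory: a sketch of the per-message decision that the filtering mentioned above makes, combining an authorized-router allowlist with the RFC 4861 hop-limit and link-local source rules for Router Advertisements. The function names, verdict strings, allowlist and sample packet are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

ICMP6_ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement (RFC 4861)
RA_FIXED_LEN = 16          # type, code, checksum, hop limit, flags, lifetime, two timers

def split_options(data):
    """Split ND options into (type, body) pairs; None if any option is malformed."""
    opts, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            return None
        olen = data[off + 1] * 8       # option length is in units of 8 octets
        if olen == 0 or off + olen > len(data):
            return None                # zero-length or truncated option
        opts.append((data[off], data[off + 2:off + olen]))
        off += olen
    return opts

def ra_verdict(src_ip, ip_hop_limit, icmp6, allowed_routers):
    """Decide what a filtering point should do with one ICMPv6 message."""
    if not icmp6 or icmp6[0] != ICMP6_ROUTER_ADVERT:
        return "pass:not-ra"
    if len(icmp6) < RA_FIXED_LEN or icmp6[1] != 0:
        return "drop:malformed"
    if split_options(icmp6[RA_FIXED_LEN:]) is None:
        return "drop:malformed"
    if ip_hop_limit != 255:            # RFC 4861: an RA that crossed a router is invalid
        return "drop:hop-limit"
    src = ipaddress.IPv6Address(src_ip)
    if not src.is_link_local:
        return "drop:not-link-local"
    if src not in allowed_routers:
        return "drop:unauthorized-router"
    return "allow"

def sample_ra():
    """Constructed RA: lifetime 1800 s plus one Source Link-Layer Address option."""
    fixed = struct.pack("!BBHBBHII", ICMP6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    return fixed + bytes([1, 1]) + bytes.fromhex("020000000001")

# Assumed allowlist: the one router the network operator actually runs.
ALLOWED = {ipaddress.IPv6Address("fe80::1")}

if __name__ == "__main__":
    for src, hl in [("fe80::1", 255), ("fe80::bad", 255), ("fe80::1", 64)]:
        print(src, hl, ra_verdict(src, hl, sample_ra(), ALLOWED))
```
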
tuetuopay•1m ago
Can we be done with the house of cards that are shell scripts everywhere?

Anyways, this feels like a big issue for "hidden" FreeBSD installs, like pfSense or TrueNAS (if they are still based on it though). Or for servers on hosting providers where they share a LAN with their neighbors in the same rack.

And it's a big win for jailbreaking routers :D
