Only if you ping a bad (malicious) host.
I saw something about a ping vulnerability on Twitter and immediately upgraded my headless box. It sounded like a serious vulnerability.
Not impossible, just very, very unlikely.
Imagine if a "google" server is compromised ...
Only if you ping a bad (malicious) host. If
Or if you ping an innocuous host and you're hit by a MITM attack. But yes, you have to ping "something" in order to be hit.
Edit: The SA claims no workaround was available. I'd suggest rm /sbin/ping
P5 included the fixed ping(1), it also included some fixes for p4 that broke Kerberos.
Meaning, no workaround short of running freebsd-update, since ping was already patched there when the SA was announced?
Uhm, "no workaround available" in an SA just means there's no way to avoid the problem short of updating. I'd argue just removing ping would avoid the problem. Yep, not really a recommended thing to do.
Determining this seems to require wading through p4 and p5 changelogs, so that mismatch can be kind of worrisome if you are checking on things mechanically. I could understand why this could be a bother.
p4 and p5 didn't involve the kernel, so it hasn't been updated.