📄 FreeBSD rtsold/rtsol DNSSL Command Injection

This Metasploit module exploits a command injection vulnerability CVE-2025-14558 in FreeBSD's rtsol8 and rtsold8 programs. These programs do not validate the domain search list options provided in IPv6 Router Advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8...

Exploit for CVE-2025-14558

CVE-2025-14558 FreeBSD rtsold DNSSL Command Injection RCE...

EUVD-2020-18263

Malware in sbrugna...

CVE-2020-25583

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold8 decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...

CVE-2020-25583

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold8 decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...

Buffer overflow

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold8 decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...

CVE-2020-25583

CVE-2020-25583 affects FreeBSD rtsold(8) handling of DNSSL and RDNSS options. The issue arises from insufficient bounds checking and incorrect validation of label lengths when decoding domain name labels (RFC 1035 encoding) in the DNSSL option, which could overflow the destination buffer. Affecte...

FreeBSD : FreeBSD -- Multiple vulnerabilities in rtsold (e2748c9d-3483-11eb-b87a-901b0ef719ab)

Two bugs exist in rtsold8's RDNSS and DNSSL option handling. First, rtsold8 failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its contents. The kernel...

FreeBSD -- Multiple vulnerabilities in rtsold

Problem Description: Two bugs exist in rtsold8's RDNSS and DNSSL option handling. First, rtsold8 failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its...

FreeBSD -- rtsold(8) remote buffer overflow vulnerability

Problem Description: Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold8. Impact: Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised...

FreeBSD-SA-14:20.rtsold

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:20.rtsold Security Advisory The FreeBSD Project Topic: rtsold8 remote buffer overflow vulnerability Category: core Module: rtsold Announced: 2014-10-21 Credits...

Buffer overflow

Buffer overflow in the ndpmsgoptdnssldomain function in libndp allows remote routers to cause a denial of service crash and possibly execute arbitrary code via a crafted DNS Search List DNSSL in an IPv6 router advertisement...