FreeBSD rtsold/rtsol DNSSL Command Injection
This Metasploit module exploits a command injection vulnerability (CVE-2025-14558) in FreeBSD's rtsol(8) and rtsold(8) programs. These programs do not validate the domain search list options provided in IPv6 Router Advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8)...
FreeBSD 15.x rtsold DNSSL Command Injection
This Metasploit module targets a command injection vulnerability in the FreeBSD rtsold daemon related to the handling of DNSSL (DNS Search List) options in IPv6 Router Advertisements. Due to improper validation of domain names, attacker-controlled DNSSL values can inject shell commands via $...
FreeBSD rtsold 15.x Remote Code Execution
rtsold(8) on FreeBSD processes IPv6 Router Advertisement DNSSL options without validating domain names for shell metacharacters. The decoded domains are passed to resolvconf(8), a shell script that uses unquoted variable expansion, enabling command injection via substitution. Exploit Title: FreeBSD...
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
Exploit Title: FreeBSD rtsold 15.x - Remote Code Execution via DNSSL Date: 2025-12-16 Exploit Author: Lukas Johannes Möller Vendor Homepage: https://www.freebsd.org/ Version: FreeBSD 13.x, 14.x, 15.x before 2025-12-16 patches Tested on: FreeBSD 14.1-RELEASE CVE: CVE-2025-14558 Description: rtsold...
Exploit for CVE-2025-14558
CVE-2025-14558 FreeBSD rtsold DNSSL Command Injection RCE...
FreeBSD -- Remote code execution via ND6 Router Advertisements
Problem Description: The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell...
PT-2025-51802
Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A remote code execution issue exists in the IPv6 autoconfiguration handler in FreeBSD. The issue is present in the rtsold background process and the rtsol utility. An attacker can achieve...
EUVD-2020-18263
Malware in sbrugna...
EUVD-2014-3887
Malware in sbrugna...
CVE-2020-25583
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...
CVE-2020-25577
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currentl...
Buffer overflow
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...
Buffer overflow
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currentl...
CVE-2020-25583
CVE-2020-25583 affects FreeBSD rtsold(8) handling of DNSSL and RDNSS options. The issue arises from insufficient bounds checking and incorrect validation of label lengths when decoding domain name labels (RFC 1035 encoding) in the DNSSL option, which could overflow the destination buffer. Affecte...
CVE-2020-25577
CVE-2020-25577 affects FreeBSD rtsold: insufficient bounds checking on RDNSS option extent (and related DNSSL handling) can allow malformed Router Advertisement data to flow to userspace, potentially enabling remote code execution in rtsold(8). Affects multiple FreeBSD branches (stable/11, stable...
FreeBSD : FreeBSD -- Multiple vulnerabilities in rtsold (e2748c9d-3483-11eb-b87a-901b0ef719ab)
Two bugs exist in rtsold(8)'s RDNSS and DNSSL option handling. First, rtsold(8) failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its contents. The kernel...