FreeBSD bsdinstall and bsdconfig Wi-Fi Scan Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in FreeBSD's bsdinstall and bsdconfig utilities when they scan for nearby Wi-Fi networks. This issue arises because the network names are not properly sanitized, allowing a crafted name to execute commands through a subshell. The vulnerability can be exploited to execute code as root on the system. An attacker must create an access point with a maliciously crafted name and be within range for the Wi-Fi scan. The vulnerability is triggered as soon as the scan is initiated, without the need to select the malicious network.
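
The bug class described above, as an added example rather than code from FreeBSD or the advisory: a scanned network name that reaches shell evaluation unquoted, next to a form that quotes it first. The function names, the assumed eval-based pattern and the sample SSID are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not FreeBSD source. All names and SSIDs are constructed.

# Assumed vulnerable pattern: the scanned name is pasted into text that is
# later evaluated, so $(...) or backticks inside it run as a subshell.
build_menu_unsafe() {
    ssid=$1
    eval "item=\"$ssid\""
    printf '%s' "$item"
}

# Quote an arbitrary string as one single-quoted shell word.
# Each embedded ' is rewritten as '\'' so nothing can close the quoting early.
shell_quote() {
    s=$1 out=
    while :; do
        case $s in
            *\'*) head=${s%%\'*}; s=${s#*\'}; out="$out$head'\\''" ;;
            *)    out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# Hardened form: the name is quoted before evaluation, so it stays data.
build_menu_safe() {
    eval "item=$(shell_quote "$1")"
    printf '%s' "$item"
}

# Constructed SSID carrying a harmless command substitution.
sample='cafe$(echo INJECTED)'
printf 'unsafe: %s\n' "$(build_menu_unsafe "$sample")"
printf 'safe:   %s\n' "$(build_menu_safe "$sample")"
```

The unsafe path returns the output of the embedded command in place of the name, while the safe path returns the name byte for byte.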

Impact

Exploitation of this vulnerability allows for arbitrary code execution as the root user.

Remediation

Users can upgrade to a supported FreeBSD stable or release branch dated after the correction date. Instructions for updating via the pkg utility, freebsd-update utility, or by applying a source code patch are available in the FreeBSD Security Advisory.

Added: May 21, 2026, 10:18 AM
Updated: May 21, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 7.5
exploitability: 4.4
remediation: 8.3
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.