Return
-
Title
KACE response to Stack overflow in ping(8) Vulnerability CVE-2022-23093 -
Description
This article addresses the status of the KACE SMA regarding the Stack overflow in ping(8) vulnerability described under CVE-2022-23093. For more details about this vulnerability please refer to the FreeBSD Security Advisory . -
Resolution
The vulnerability reported under CVE-2022-23093 could potentially affect KACE SMA appliances where Ping is used as a network discovery tool of potentially unsafe IP ranges or as a troubleshooting tool to potentially unsafe hosts.
A hotfix is available to address the issue reported under CVE-2022-23093 for KACE SMA version 12.1 where ping is used as described above.Quest recommends that all customers ensure they are running a supported version of the KACE System Management Appliance.
To have the hotfix applied, please reach out to our Tech Support for assistance. For details about our product lifecycle, please refer to the KACE SMA product lifecycle table.