First published: Fri Feb 20 2009
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | =7.0-release | |
FreeBSD FreeBSD | =7.1-rc1 | |
FreeBSD FreeBSD | =7.0_beta4 | |
FreeBSD FreeBSD | =7.0 | |
FreeBSD FreeBSD | =7.0_releng | |
FreeBSD FreeBSD | =7.1 | |
FreeBSD FreeBSD | =7.0-beta_4 | |
FreeBSD FreeBSD | =7.0-current | |