Skip to main content

Configuration

CVE-2009-0641

Severity High
Score 9.3/10

Summary

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.

  • MEDIUM
  • NETWORK
  • NONE
  • COMPLETE
  • COMPLETE
  • COMPLETE

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published