Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0641. PoCs published by kingcope.
AI-analyzed exploit summary: This exploit leverages the FreeBSD telnet daemon's failure to sanitize the LD_PRELOAD environment variable, allowing local or remote privilege escalation to root by preloading a malicious shared library. The PoC includes a compiled library that spawns a root shell when loaded.
Description
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.