Description
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by kingcope · textlocalfreebsd
https://www.exploit-db.com/exploits/8055
References (5)
Core 5
Core References
Patch vendor-advisory
x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48780
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33777
Exploit mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8055
Scores
EPSS
0.1015
EPSS Percentile
93.1%
Details
CWE
CWE-16
CWE-264
Status
published
Products (5)
freebsd/freebsd
7.0 (3 CPE variants)
freebsd/freebsd
7.0-release
freebsd/freebsd
7.0_beta4
freebsd/freebsd
7.0_releng
freebsd/freebsd
7.1 (2 CPE variants)
Published
Feb 20, 2009
Tracked Since
Feb 18, 2026