CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score
Confidence: Low

EPSS
Percentile: 94.5%

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
Vendor | Product | Version | CPE |
---|---|---|---|
freebsd | freebsd | 7.0 | cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:* |
freebsd | freebsd | 7.0 | cpe:2.3:o:freebsd:freebsd:7.0:beta_4:*:*:*:*:*:* |
freebsd | freebsd | 7.0 | cpe:2.3:o:freebsd:freebsd:7.0:current:*:*:*:*:*:* |
freebsd | freebsd | 7.0-release | cpe:2.3:o:freebsd:freebsd:7.0-release:*:*:*:*:*:*:* |
freebsd | freebsd | 7.0_beta4 | cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:* |
freebsd | freebsd | 7.0_releng | cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:* |
freebsd | freebsd | 7.1 | cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:* |
freebsd | freebsd | 7.1 | cpe:2.3:o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:* |