CVE-2009-0641

FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.

sys_term.c en telnetd en FreeBSD v7.0-RELEASE y otras v7.x borra variables de entorno peligrosas con un método que solo fue valido en distribuciones antiguas de FreeBSD, lo que permite a atacantes remotos ejecutar código de su elección a través de un cliente de telnet de una variable de entorno manipulada, como se demuestra mediante el valor LD_PRELOAD que hace referencia a una librería maliciosa.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-02-18 CVE Reserved
2009-02-18 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-08-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-16: Configuration
CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (5)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/48780	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/8055	2024-08-07
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html	2024-08-07
http://www.securityfocus.com/bid/33777	2024-08-07

URL	Date	SRC
http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc	2017-09-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0"		beta_4		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0"		current		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0-release Search vendor "Freebsd" for product "Freebsd" and version "7.0-release"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0_beta4 Search vendor "Freebsd" for product "Freebsd" and version "7.0_beta4"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.0_releng Search vendor "Freebsd" for product "Freebsd" and version "7.0_releng"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.1 Search vendor "Freebsd" for product "Freebsd" and version "7.1"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				7.1 Search vendor "Freebsd" for product "Freebsd" and version "7.1"		rc1		Affected