Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 05:53:17 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1852922040&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0902-advisories%2FFreeBSD-SA-09-05.telnetd.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1852922040.1338184397.1338184397.1338184397.1%3B%2B__utmz%3D32867617.1338184397.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/75012/FreeBSD-SA-09-05.telnetd.txt http://packetstormsecurity.org/files/75012/FreeBSD-SA-09-05.telnetd.txt http://packetstormsecurity.org/files/75012/FreeBSD-SA-09-05-telnetd-Code-Execution.html Tue, 17 Feb 2009 21:42:47 GMT FreeBSD Security Advisory - In order to prevent environment variable based attacks, telnetd scrubs its environment; however, recent changes in FreeBSD's environment-handling code rendered telnetd's scrubbing inoperative, thereby allowing potentially harmful environment variables to be set. An attacker who can place a specially-constructed file onto a target system (either by legitimately logging into the system or by exploiting some other service on the system) can execute arbitrary code with the privileges of the user running the telnet daemon (usually root).