N/A

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.

N/A

N/A

FreeBSD telnetd守护程序远程代码执行漏洞

FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 telnet协议允许传送telnet通讯中的环境变量并分配给tcp连接的另一端。FreeBSD的telnet守护程序在执行/bin/login之前没有检查LD_* (如LD_PRELOAD)环境变量，因此攻击者可以在传送的环境变量中包含LD_PRELOAD标识和文件系统上带有恶意代码的预编译库值。在以用户id和组id 0(root)执行/bin/login时，就会通过telnet环境定义预加载远程连接所设置的库并执行。

N/A

N/A