Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD telnetd privilege escalation
updated since 16.02.2009
Published:17.02.2009
Source:
SecurityVulns ID:9680
Type:remote
Threat Level:
9/10
Description:LD_xxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges. For remote exploitation it's required to have ability to upload the file to remote system (via FTP, Web, etc).
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 7.1
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd (17.02.2009)
 documentKingcope Kingcope, [Full-disclosure] FreeBSD zeroday (16.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod