This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote telnet server is vulnerable to a code execution attack.
A flaw in the environment-handling code used by the telnet server
running on the remote host fails to scrub the environment of variables
such as 'LD_PRELOAD' before calling the login program. An attacker who
can place an arbitrary library on the remote host, either as a local
user or remotely through some other means, can leverage this issue to
execute arbitrary code subject to the privileges under which the
service runs, typically 'root'.
See also :
Patch or upgrade the affected system as described in the project's
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.3
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 35700 (freebsd_telnetd_code_exec.nasl)
Bugtraq ID: 33777
CVE ID: CVE-2009-0641
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.