FreeBSD : hafiye -- lack of terminal escape sequence filtering (027380b7-3404-11d9-ac1b-000d614f7fad)

high Nessus Plugin ID 37293

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A siyahsapka.org advisory reads:

Hafiye-1.0 doesn't filter the payload when printing it to the terminal.
A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability.

If Hafiye has been started with -n packet count option, the vulnerability could allow remote code execution. For remote code execution the victim must press Enter after program exit.

Note that it appears that this bug can only be exploited in conjunction with a terminal emulator that honors the appropriate escape sequences.
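
The missing control is output filtering: bytes taken from the network have to be made inert before they reach the terminal. The following is an added example, not Hafiye's code or its patch; the function name sanitize_payload, the \xNN rendering and the sample payload are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from Hafiye): render untrusted payload bytes for
 * terminal display. Printable ASCII passes through, a backslash is doubled so
 * the output stays unambiguous, and every other byte becomes \xNN. That covers
 * ESC (0x1b), the other C0 controls, DEL, and all bytes >= 0x80, which include
 * the 8-bit C1 controls such as CSI (0x9b).
 * Returns the number of characters written, excluding the NUL. If dst is too
 * small, output stops before the first byte that does not fit in full. */
size_t sanitize_payload(const unsigned char *src, size_t len,
                        char *dst, size_t dstsz)
{
    size_t o = 0;

    if (dstsz == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = src[i];

        if (c == '\\') {
            if (o + 2 >= dstsz) break;
            dst[o++] = '\\';
            dst[o++] = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {
            if (o + 1 >= dstsz) break;
            dst[o++] = (char)c;
        } else {
            if (o + 4 >= dstsz) break;
            snprintf(dst + o, 5, "\\x%02x", c);  /* 4 chars plus NUL */
            o += 4;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample payload: text followed by a 7-bit and an 8-bit
     * "clear screen" sequence. Writing these bytes to stdout unfiltered
     * would let the terminal interpret them. */
    const unsigned char payload[] = "GET / HTTP/1.0\r\n" "\x1b" "[2J" "\x9b" "2J";
    char line[256];

    sanitize_payload(payload, sizeof payload - 1, line, sizeof line);
    puts(line);  /* control bytes appear as visible \xNN text */
    return 0;
}
```

Escaping by allow-list (printable ASCII only) rather than stripping known sequences means the result does not depend on which escape sequences a given terminal emulator honors.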

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=70978

http://www.nessus.org/u?c2a917a5

http://www.enderunix.org/hafiye/

http://www.nessus.org/u?f31c6b9a

Plugin Details

Severity: High

ID: 37293

File Name: freebsd_pkg_027380b7340411d9ac1b000d614f7fad.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:hafiye, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/11/2004

Vulnerability Publication Date: 8/23/2004