FreeBSD : FreeBSD -- Possible login(1) argument injection in telnetd(8) (e00304d2-bbed-11e6-b1cf-14dae9d210b8)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

An unexpected sequence of memory allocation failures combined with
insufficient error checking could result in the construction and
execution of an argument sequence that was not intended. Impact : An
attacker who controls the sequence of memory allocation failures and
success may cause login(1) to run without authentication and may be
able to cause misbehavior of login(1) replacements.

No practical way of controlling these memory allocation failures is
known at this time.

See also :

http://www.nessus.org/u?9b50cac5

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95587 ()

Bugtraq ID:

CVE ID: CVE-2016-1888

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now