FreeBSD telnetd sys_term.c Environment Variable Handling Privilege Escalation (FreeBSD-SA-09:05)

high Nessus Plugin ID 35700


The remote telnet server is vulnerable to a code execution attack.


A flaw in the environment-handling code used by the telnet server running on the remote host fails to scrub the environment of variables such as 'LD_PRELOAD' before calling the login program. An attacker who can place an arbitrary library on the remote host, either as a local user or remotely through some other means, can leverage this issue to execute arbitrary code subject to the privileges under which the service runs, typically 'root'.


Patch or upgrade the affected system as described in the project's advisory above.

See Also

Plugin Details

Severity: High

ID: 35700

File Name: freebsd_telnetd_code_exec.nasl

Version: 1.19

Type: remote

Published: 2/17/2009

Updated: 6/12/2020

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0641

BID: 33777

CWE: 264, 16

EDB-ID: 8055