FreeBSD : hafiye -- lack of terminal escape sequence filtering (027380b7-3404-11d9-ac1b-000d614f7fad)

High Nessus Plugin ID 37293


The remote FreeBSD host is missing a security-related update.


A advisory reads :

Hafiye-1.0 doesnt filter the payload when printing it to the terminal.
A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability.

If Hafiye has been started with -n packet count option , the vulnerability could allow remote code execution. For remote code execution the victim must press Enter after program exit.

Note that it appears that this bug can only be exploited in conjunction with a terminal emulator that honors the appropriate escape sequences.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 37293

File Name: freebsd_pkg_027380b7340411d9ac1b000d614f7fad.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2014/09/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:hafiye, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/11/11

Vulnerability Publication Date: 2004/08/23