FreeBSD : hafiye -- lack of terminal escape sequence filtering (027380b7-3404-11d9-ac1b-000d614f7fad)
High Nessus Plugin ID 37293
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A siyahsapka.org advisory reads:
Hafiye-1.0 doesn't filter the payload when printing it to the terminal.
A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability.
If Hafiye has been started with the -n packet count option, the vulnerability could allow remote code execution. For remote code execution the victim must press Enter after program exit.
Note that it appears that this bug can only be exploited in conjunction with a terminal emulator that honors the appropriate escape sequences.
Solution
Update the affected package.
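
The class of fix the advisory implies, as an added example that is not taken from the advisory or from Hafiye's source: encode every non-printable byte of a captured payload before it reaches the terminal, so the terminal emulator never sees a raw escape sequence. The function name `sanitize_payload` and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Write an untrusted packet payload into `out` as terminal-safe text.
 * Printable ASCII (0x20-0x7e) is copied; backslash is doubled so the
 * encoding stays unambiguous; every other byte, including ESC (0x1b),
 * other control characters, DEL and 8-bit bytes such as the C1 CSI
 * (0x9b), becomes a \xNN escape. The output is NUL-terminated and is
 * truncated on a whole-escape boundary if `out` is too small.
 * Returns the number of characters written, excluding the NUL. */
size_t sanitize_payload(const unsigned char *in, size_t in_len,
                        char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_cap == 0)
        return 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == '\\') {
            if (out_cap - o < 3) break;      /* "\\" plus NUL */
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {
            if (out_cap - o < 2) break;      /* one char plus NUL */
            out[o++] = (char)c;
        } else {
            if (out_cap - o < 5) break;      /* "\xNN" plus NUL */
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample payload: text with an embedded clear-screen
     * sequence (ESC [ 2 J), standing in for attacker-supplied bytes. */
    const char *pkt = "GET /\x1b[2J HTTP/1.0\r\n";
    char safe[128];

    sanitize_payload((const unsigned char *)pkt, strlen(pkt), safe, sizeof safe);
    puts(safe);   /* the ESC byte is shown as \x1b, not interpreted */
    return 0;
}
```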