FreeBSD : FreeBSD -- Possible login(1) argument injection in telnetd(8) (e00304d2-bbed-11e6-b1cf-14dae9d210b8)

Medium Nessus Plugin ID 95587


The remote FreeBSD host is missing one or more security-related updates.


An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended.

Impact: An attacker who controls the sequence of memory allocation failures and successes may cause login(1) to run without authentication and may be able to cause misbehavior of login(1) replacements.

No practical way of controlling these memory allocation failures is known at this time.


Update the affected packages.


Plugin Details

Severity: Medium

ID: 95587

File Name: freebsd_pkg_e00304d2bbed11e6b1cf14dae9d210b8.nasl

Version: $Revision: 3.2 $

Type: local

Published: 2016/12/07

Modified: 2017/02/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 2016/12/06

Vulnerability Publication Date: 2016/12/06

Reference Information

CVE: CVE-2016-1888

FreeBSD: SA-16:36.telnetd