CVE-2009-0641 - Vulnerability Details - OpenCVE

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:7.0:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:beta_4::::::
	cpe:2.3:o:freebsd:freebsd:7.0:current::::::
	cpe:2.3:o:freebsd:freebsd:7.0-release:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0_beta4:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0_releng:::::::*
	cpe:2.3:o:freebsd:freebsd:7.1:::::::*
	cpe:2.3:o:freebsd:freebsd:7.1:rc1::::::

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html
http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc
http://www.securityfocus.com/bid/33777
https://exchange.xforce.ibmcloud.com/vulnerabilities/48780
https://www.exploit-db.com/exploits/8055

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-18T17:00:00

Updated: 2024-08-07T04:40:05.105Z

Reserved: 2009-02-18T00:00:00

Link: CVE-2009-0641

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-20T06:47:48.250

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0641

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FreeBSD-SA-09:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"}, {"name": "freebsd-telnet-ldpreload-code-execution(48780)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"}, {"name": "33777", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33777"}, {"name": "20090214 FreeBSD zeroday", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"}, {"name": "8055", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0641", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FreeBSD-SA-09:05", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"}, {"name": "freebsd-telnet-ldpreload-code-execution(48780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"}, {"name": "33777", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33777"}, {"name": "20090214 FreeBSD zeroday", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"}, {"name": "8055", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.105Z"}, "title": "CVE Program Container", "references": [{"name": "FreeBSD-SA-09:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"}, {"name": "freebsd-telnet-ldpreload-code-execution(48780)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"}, {"name": "33777", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33777"}, {"name": "20090214 FreeBSD zeroday", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"}, {"name": "8055", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8055"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0641", "datePublished": "2009-02-18T17:00:00", "dateReserved": "2009-02-18T00:00:00", "dateUpdated": "2024-08-07T04:40:05.105Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "47E0A416-733A-4616-AE08-150D67FCEA70", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:beta_4:*:*:*:*:*:*", "matchCriteriaId": "CDFA5AA9-E73F-448D-9754-41AF9AECB93A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:current:*:*:*:*:*:*", "matchCriteriaId": "C4E775BA-6DC1-4006-83A4-D30EA57417FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0-release:*:*:*:*:*:*:*", "matchCriteriaId": "EC290462-4364-464F-8CE9-6F5E5BE6F246", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "F06B831E-D8F2-4380-B279-559CE103210F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*", "matchCriteriaId": "3ACC9072-4A33-4F1F-B790-2F9D5A52F71B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "52DBF406-9C77-4DDA-AB7D-40FAE40023D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library."}, {"lang": "es", "value": "sys_term.c en telnetd en FreeBSD v7.0-RELEASE y otras v7.x borra variables de entorno peligrosas con un m\u00e9todo que solo fue valido en distribuciones antiguas de FreeBSD, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un cliente de telnet de una variable de entorno manipulada, como se demuestra mediante el valor LD_PRELOAD que hace referencia a una librer\u00eda maliciosa."}], "id": "CVE-2009-0641", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-20T06:47:48.250", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33777"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33777"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8055"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}, {"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}