VULHUB ™

FreeBSD Security Advisory FreeBSD-SA-01:49 - An overflowable buffer was found in the version of telnetd included with FreeBSD. Due to incorrect bounds checking of data buffered for output to the remote client, an attacker can cause the telnetd process to overflow the buffer and crash, or execute arbitrary code as the user running telnetd, usually root. A valid user account and password is not required to exploit this vulnerability, only the ability to connect to a telnetd server. The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time. This vulnerability is known to be exploitable, and is being actively exploited in the wild. All released versions of FreeBSD prior to the correction date including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this problem.

FreeBSD Security Advisory FreeBSD-SA-01:49 - An overflowable buffer was found in the version of telnetd included with FreeBSD. Due to incorrect bounds checking of data buffered for output to the remote client, an attacker can cause the telnetd process to overflow the buffer and crash, or execute arbitrary code as the user running telnetd, usually root. A valid user account and password is not required to exploit this vulnerability, only the ability to connect to a telnetd server. The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time. This vulnerability is known to be exploitable, and is being actively exploited in the wild. All released versions of FreeBSD prior to the correction date including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this problem.