Nikolaos Rangos

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 7.0 through 7.x **Description** The issue arises from the way `sys term.c` in `telnetd` handles environment variables. Specifically, it uses a method to delete dangerous environment variables that was valid only in older FreeBSD distributions. This could allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client. For example, an attacker could pass an `LD PRELOAD` value that references a malicious library. **Recommendations** For FreeBSD versions 7.0 through 7.x, update to a version that uses a secure method to handle environment variables, ensuring that dangerous variables are properly deleted to prevent arbitrary code execution.