PT-2009-3282 · Freebsd · Freebsd

Kingcope

Published: 2009-02-18 · Updated: 2017-09-29 · CVE-2009-0641

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FreeBSD versions 7.0 through 7.x

Description

The issue arises from the way sys_term.c in telnetd handles environment variables. Specifically, it uses a method to delete dangerous environment variables that was valid only in older FreeBSD distributions. This could allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client. For example, an attacker could pass an LD_PRELOAD value that references a malicious library.

Recommendations

For FreeBSD versions 7.0 through 7.x, update to a version that uses a secure method to handle environment variables, ensuring that dangerous variables are properly deleted to prevent arbitrary code execution.
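
One way a network service can avoid depending on in-place deletion of dangerous variables is to build a fresh environment from an allowlist, shown here as an added example that is not FreeBSD's telnetd code or its fix. The function name `build_clean_env`, the allowlist contents and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative allowlist: an assumption for this example, not FreeBSD's list. */
static const char *const allowed[] = { "TERM=", "DISPLAY=", "LANG=" };
#define N_ALLOWED (sizeof(allowed) / sizeof(allowed[0]))

/* Index of the allowlist prefix that `entry` starts with, or -1 if none. */
static int allowed_index(const char *entry)
{
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strncmp(entry, allowed[i], strlen(allowed[i])) == 0)
            return (int)i;
    return -1;
}

/* Build a fresh NULL-terminated vector with only allowlisted entries, keeping
 * the first occurrence of each name. Nothing is deleted in place, so the
 * result does not depend on how libc stores the process environment.
 * Entries are not copied; the caller frees only the returned array. */
char **build_clean_env(char *const client_env[])
{
    int seen[N_ALLOWED] = { 0 };
    size_t n = 0, kept = 0;
    while (client_env[n] != NULL) n++;
    char **clean = calloc(n + 1, sizeof(*clean));
    if (clean == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        int idx = allowed_index(client_env[i]);
        if (idx < 0 || seen[idx])
            continue;               /* unknown name or duplicate: drop */
        seen[idx] = 1;
        clean[kept++] = client_env[i];
    }
    return clean;                   /* clean[kept] is NULL from calloc */
}

int main(void)
{
    /* Constructed sample of variables offered by a client. */
    char *offered[] = { "TERM=xterm", "LD_PRELOAD=/constructed/example.so",
                        "DISPLAY=:0", "TERM=vt100", NULL };
    char **env = build_clean_env(offered);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);
    free(env);
    return 0;
}
```

A server would pass the returned vector as the `envp` argument of `execve(2)` when starting the login program, so the child never sees variables that were not explicitly accepted.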

Weakness Enumeration

Related identifiers

CVE-2009-0641

Affected products

Freebsd