TECHNICAL BULLETIN

T-144: FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability

May 27, 2009 16:00 GMT


PROBLEM:	FreeBSD 'telnetd' Daemon allows remote code execution.
PLATFORM:	FreeBSD FreeBSD 7.1-STABLE FreeBSD FreeBSD 7.0-STABLE FreeBSD FreeBSD 7.0-RELEASE
ABSTRACT:	Remote attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers.

LINKS:
DOE-CIRC BULLETIN:	http://www.doecirc.energy.gov/bulletins/t-144.shtml
OTHER LINKS:	Security Focus http://www.securityfocus.com/bid/33777/info Exploit Code http://downloads.securityfocus.com/vulnerabilities/exploits/33777.c

IMPACT ASSESSMENT:	The risk is High. Widely used service, root escalation.

Discussion:
FreeBSD is prone to a remote code-execution vulnerability. 

Remote attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this
issue will facilitate in the complete compromise of affected computers.

FreeBSD 7.0 and 7.1 branches are vulnerable.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not
otherwise publicly available or known to be circulating in the wild.

Patches:
http://security.freebsd.org/patches/SA-09:05/telnetd.patch
http://security.freebsd.org/patches/SA-09:05/telnetd.patch
http://security.freebsd.org/patches/SA-09:05/telnetd.patch

DOE-CIRC wishes to acknowledge the contributions of Kingcope for the information contained in this bulletin.

DOECIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:

    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov

UCRL-MI-119788