FreeBSD : FreeBSD -- Possible login(1) argument injection in telnetd(8) (e00304d2-bbed-11e6-b1cf-14dae9d210b8)

high Nessus Plugin ID 95587

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended. Impact : An attacker who controls the sequence of memory allocation failures and success may cause login(1) to run without authentication and may be able to cause misbehavior of login(1) replacements.

No practical way of controlling these memory allocation failures is known at this time.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?595f99e3

Plugin Details

Severity: High

ID: 95587

File Name: freebsd_pkg_e00304d2bbed11e6b1cf14dae9d210b8.nasl

Version: 3.4

Type: local

Published: 12/7/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 12/6/2016

Vulnerability Publication Date: 12/6/2016

Reference Information

CVE: CVE-2016-1888

FreeBSD: SA-16:36.telnetd