FreeBSD -- Possible login(1) argument injection in telnetd(8)

2016-12-06T00:00:00
ID E00304D2-BBED-11E6-B1CF-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2016-12-06T00:00:00

Description

Problem Description: An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended. Impact: An attacker who controls the sequence of memory allocation failures and success may cause login(1) to run without authentication and may be able to cause misbehavior of login(1) replacements. No practical way of controlling these memory allocation failures is known at this time.