FreeBSD telnetd TERMCAP Environment Variable DoS

2000-11-14T00:00:00
ID OSVDB:6083
Type osvdb
Reporter Jouko Pynnonen (jouko@solutions.fi)
Modified 2000-11-14T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits a request for an arbitrarily large file in the TERMCAP environment variable to telnetd. The server consumes CPU resources while it processes the request, which results in loss of availability for the platform.

Solution Description

Upgrade to version 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates, as this has been reported to fix the vulnerability. It is also possible to correct the flaw by implementing one of the following workarounds: disable the telnet service in /etc/inetd.conf or use TCP wrappers.

Enabled telnet in /etc/inetd.conf (vulnerable):

telnet stream tcp nowait root /usr/libexec/telnetd telnetd

telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd

Disabled telnet in /etc/inetd.conf (not vulnerable), with each entry commented out:

#telnet stream tcp nowait root /usr/libexec/telnetd telnetd

#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
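
An added example (not part of the original advisory): a shell check for the inetd.conf workaround above, listing every active entry that still starts telnetd, for both tcp and tcp6. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for active telnetd entries.
# Field layout: service socket-type protocol wait/nowait user server-program args

# Print "<line-number>:<protocol>:<server-program>" for each active entry
# that starts telnetd. Commented-out and blank lines count as disabled.
enabled_telnet_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF >= 6 && ($1 == "telnet" || $6 == "telnetd" || $6 ~ /\/telnetd$/) {
            printf "%d:%s:%s\n", NR, $3, $6
        }
    ' "$1"
}

# Return 0 when no active telnetd entry exists; otherwise list them, return 1.
audit_inetd() {
    found=$(enabled_telnet_entries "$1")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Constructed sample input: tcp entry still active, tcp6 entry commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_inetd "$sample" || echo "telnetd is still enabled in $sample"
rm -f "$sample"
```

On a real host, pass /etc/inetd.conf to audit_inetd and reload inetd after commenting out any entry it reports.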

References:

Vendor URL: http://www.freebsd.org
Vendor Specific Advisory URL
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-11/0291.html
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-11/0292.html
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-11/0293.html
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-11/0295.html
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-11/0286.html
ISS X-Force ID: 5959
CVE-2000-1184
Bugtraq ID: 1955