FreeBSD telnetd privilege escalation

2009-02-17T00:00:00
ID SECURITYVULNS:VULN:9680
Type securityvulns
Reporter FULL-DISCLOSURE
Modified 2009-02-17T00:00:00

Description

LD_xxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges. For remote exploitation it's required to have ability to upload the file to remote system (via FTP, Web, etc).