FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Possible login(1) argument injection in telnetd(8)

Affected packages
11.0 <= FreeBSD < 11.0_4
10.3 <= FreeBSD < 10.3_13
10.2 <= FreeBSD < 10.2_26
10.1 <= FreeBSD < 10.1_43
9.3 <= FreeBSD < 9.3_51

Details

VuXML ID e00304d2-bbed-11e6-b1cf-14dae9d210b8
Discovery 2016-12-06
Entry 2016-12-06

Problem Description:

An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended.
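
The failure pattern described above, as an added example constructed for this entry and not taken from telnetd's source: an argument-vector builder with a simulated allocation failure, run once with the error ignored and once failing closed. The argument list and the names test_alloc, add_arg, release and build are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault injector: allocation number fail_at (1-based) fails. */
static int fail_at, alloc_count;
static void *test_alloc(size_t n) {
    return (++alloc_count == fail_at) ? NULL : malloc(n);
}

struct argvec { char *v[8]; int n; };   /* v stays NULL-terminated */

/* Constructed sample argument list, not telnetd's real one. */
static const char *const WANT[] = { "login", "-h", "host.example", "-p", "alice" };
#define NWANT ((int)(sizeof WANT / sizeof WANT[0]))

/* Copy s into the vector; -1 on allocation failure or a full vector. */
static int add_arg(struct argvec *a, const char *s) {
    char *c;
    if (a->n >= 7 || (c = test_alloc(strlen(s) + 1)) == NULL) return -1;
    strcpy(c, s);
    a->v[a->n++] = c;
    return 0;
}

static void release(struct argvec *a) {
    while (a->n > 0) { free(a->v[--a->n]); a->v[a->n] = NULL; }
}

/* checked=0 ignores add_arg() errors (the flawed pattern);
 * checked=1 fails closed. Returns 0 if the caller may exec, -1 if not. */
static int build(struct argvec *a, int checked, int fail) {
    int i;
    memset(a, 0, sizeof *a);
    alloc_count = 0; fail_at = fail;
    for (i = 0; i < NWANT; i++)
        if (add_arg(a, WANT[i]) != 0 && checked) { release(a); return -1; }
    return 0;
}

int main(void) {
    struct argvec a;
    int i, rc = build(&a, 0, 2);         /* second allocation fails */
    printf("unchecked rc=%d:", rc);
    for (i = 0; a.v[i]; i++) printf(" %s", a.v[i]);
    release(&a);
    printf("\nchecked rc=%d\n", build(&a, 1, 2));
    return 0;
}
```

With the error ignored, the builder still reports success but hands back a shorter vector in which every later argument has moved up one position; the checked path returns an error before anything can be executed.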

Impact:

An attacker who controls the sequence of memory allocation failures and successes may cause login(1) to run without authentication, and may be able to cause misbehavior of login(1) replacements.

No practical way of controlling these memory allocation failures is known at this time.

References

CVE Name CVE-2016-1888
FreeBSD Advisory SA-16:36.telnetd