telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrarily large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits a request for an arbitrarily large file in the TERMCAP environment variable to telnetd, which consumes CPU resources as the server processes the request, and will result in loss of availability for the platform.
Upgrade to version 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable the telnet service in /etc/inetd.conf or use TCP wrappers.
Enabled telnet in /etc/inetd.conf (vulnerable):
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
Disabled telnet in /etc/inetd.conf (not vulnerable):
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
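The check below is an added example, not part of the original advisory: it audits an inetd.conf-style file for active telnet entries and writes a copy with them commented out, matching the workaround above. The function names telnet_enabled and disable_telnet and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit an inetd.conf-style file
# for active telnet entries and emit a copy with them commented out.

# List active telnet/telnetd entries as "lineno: line".
# Exit status 1 if any are found, 0 if the service is disabled.
telnet_enabled() {
    awk '
        $1 ~ /^#/ { next }   # commented out, inetd ignores the entry
        NF < 6    { next }   # not a complete service entry
        # field 1 = service name, field 6 = server program path
        $1 == "telnet" || $6 ~ /\/telnetd$/ {
            printf "%d: %s\n", NR, $0
            hit = 1
        }
        END { exit (hit ? 1 : 0) }
    ' "$1"
}

# Write a copy of the file to stdout with active telnet entries commented out.
disable_telnet() {
    awk '
        $1 !~ /^#/ && NF >= 6 && ($1 == "telnet" || $6 ~ /\/telnetd$/) {
            print "#" $0
            next
        }
        { print }
    ' "$1"
}

# Constructed sample input: the two entries shown above plus an unrelated service.
sample=$(mktemp)
fixed=$(mktemp)
trap 'rm -f "$sample" "$fixed"' EXIT
cat > "$sample" <<'EOF'
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
EOF

telnet_enabled "$sample" || echo "telnet is ENABLED in the sample file"
disable_telnet "$sample" > "$fixed"
telnet_enabled "$fixed" && echo "telnet is disabled in the rewritten copy"
# On a live system, inetd rereads its configuration on SIGHUP after the edit.
```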