FreeBSD libmytinfo Buffer Overflow

HIGH (7.5) No Patch (13008 days)

Threat Intelligence

Low Risk
EPSS Score: 0.88% chance of exploitation (percentile: 75%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The FreeBSD libmytinfo library is a terminal emulator used by the system to manage user terminals. A buffer overflow in this library allows local users to execute commands via a long TERMCAP environment variable, potentially leading to unauthorized access and system compromise.

Am I affected?

You're affected if you use FreeBSD version 4.7 or earlier (exact versions not specified). To check, read the advisory at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc or search for the library with: find / -name "libmytinfo.a"

Note: This CVE is specific to FreeBSD 4.7 and earlier, which may not be widely used or recognized outside of the FreeBSD community. If you don't recognize the name, you're probably not affected.

Affected Products

FreeBSD / libmytinfo

How to fix

Upgrade to FreeBSD 5.0 or later (available at https://www.freebsd.org/relnotes/freebsd-5.html).

Immediate mitigations:
- Disable TERMCAP environment variables.
- Monitor system logs for suspicious activity.