Vulnerability Details CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.924
EPSS Ranking 99.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
- http://osvdb.org/78020
- http://secunia.com/advisories/46239
- http://secunia.com/advisories/47341
- http://secunia.com/advisories/47348
- http://secunia.com/advisories/47357
- http://secunia.com/advisories/47359
- http://secunia.com/advisories/47373
- http://secunia.com/advisories/47374
- http://secunia.com/advisories/47397
- http://secunia.com/advisories/47399
- http://secunia.com/advisories/47441
- http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
- http://security.freebsd.org/patches/SA-11:08/telnetd.patch
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
- http://www.debian.org/security/2011/dsa-2372
- http://www.debian.org/security/2011/dsa-2373
- http://www.debian.org/security/2011/dsa-2375
- http://www.exploit-db.com/exploits/18280/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
- http://www.redhat.com/support/errata/RHSA-2011-1851.html
- http://www.redhat.com/support/errata/RHSA-2011-1852.html
- http://www.redhat.com/support/errata/RHSA-2011-1853.html
- http://www.redhat.com/support/errata/RHSA-2011-1854.html
- http://www.securitytracker.com/id?1026460
- http://www.securitytracker.com/id?1026463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
- http://osvdb.org/78020
- http://secunia.com/advisories/46239
- http://secunia.com/advisories/47341
- http://secunia.com/advisories/47348
- http://secunia.com/advisories/47357
- http://secunia.com/advisories/47359
- http://secunia.com/advisories/47373
- http://secunia.com/advisories/47374
- http://secunia.com/advisories/47397
- http://secunia.com/advisories/47399
- http://secunia.com/advisories/47441
- http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
- http://security.freebsd.org/patches/SA-11:08/telnetd.patch
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
- http://www.debian.org/security/2011/dsa-2372
- http://www.debian.org/security/2011/dsa-2373
- http://www.debian.org/security/2011/dsa-2375
- http://www.exploit-db.com/exploits/18280/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
- http://www.redhat.com/support/errata/RHSA-2011-1851.html
- http://www.redhat.com/support/errata/RHSA-2011-1852.html
- http://www.redhat.com/support/errata/RHSA-2011-1853.html
- http://www.redhat.com/support/errata/RHSA-2011-1854.html
- http://www.securitytracker.com/id?1026460
- http://www.securitytracker.com/id?1026463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
Products affected by CVE-2011-4862
-
cpe:2.3:a:gnu:inetutils:-
-
cpe:2.3:a:gnu:inetutils:1.3.2
-
cpe:2.3:a:gnu:inetutils:1.3a
-
cpe:2.3:a:gnu:inetutils:1.3b
-
cpe:2.3:a:gnu:inetutils:1.4.0
-
cpe:2.3:a:gnu:inetutils:1.4.1
-
cpe:2.3:a:gnu:inetutils:1.4.2
-
cpe:2.3:a:gnu:inetutils:1.5
-
cpe:2.3:a:gnu:inetutils:1.6
-
cpe:2.3:a:gnu:inetutils:1.7
-
cpe:2.3:a:gnu:inetutils:1.8
-
cpe:2.3:a:heimdal_project:heimdal:0.0j
-
cpe:2.3:a:heimdal_project:heimdal:0.0k
-
cpe:2.3:a:heimdal_project:heimdal:0.0l
-
cpe:2.3:a:heimdal_project:heimdal:0.0m
-
cpe:2.3:a:heimdal_project:heimdal:0.0n
-
cpe:2.3:a:heimdal_project:heimdal:0.0o
-
cpe:2.3:a:heimdal_project:heimdal:0.0p
-
cpe:2.3:a:heimdal_project:heimdal:0.0q
-
cpe:2.3:a:heimdal_project:heimdal:0.0r
-
cpe:2.3:a:heimdal_project:heimdal:0.0s
-
cpe:2.3:a:heimdal_project:heimdal:0.0t
-
cpe:2.3:a:heimdal_project:heimdal:0.0u
-
cpe:2.3:a:heimdal_project:heimdal:0.1a
-
cpe:2.3:a:heimdal_project:heimdal:0.1b
-
cpe:2.3:a:heimdal_project:heimdal:0.1c
-
cpe:2.3:a:heimdal_project:heimdal:0.1d
-
cpe:2.3:a:heimdal_project:heimdal:0.1e
-
cpe:2.3:a:heimdal_project:heimdal:0.1f
-
cpe:2.3:a:heimdal_project:heimdal:0.1g
-
cpe:2.3:a:heimdal_project:heimdal:0.1h
-
cpe:2.3:a:heimdal_project:heimdal:0.1i
-
cpe:2.3:a:heimdal_project:heimdal:0.1j
-
cpe:2.3:a:heimdal_project:heimdal:0.1k
-
cpe:2.3:a:heimdal_project:heimdal:0.1l
-
cpe:2.3:a:heimdal_project:heimdal:0.1m
-
cpe:2.3:a:heimdal_project:heimdal:0.2a
-
cpe:2.3:a:heimdal_project:heimdal:0.2b
-
cpe:2.3:a:heimdal_project:heimdal:0.2c
-
cpe:2.3:a:heimdal_project:heimdal:0.2d
-
cpe:2.3:a:heimdal_project:heimdal:0.2e
-
cpe:2.3:a:heimdal_project:heimdal:0.2f
-
cpe:2.3:a:heimdal_project:heimdal:0.2g
-
cpe:2.3:a:heimdal_project:heimdal:0.2h
-
cpe:2.3:a:heimdal_project:heimdal:0.2i
-
cpe:2.3:a:heimdal_project:heimdal:0.2j
-
cpe:2.3:a:heimdal_project:heimdal:0.2k
-
cpe:2.3:a:heimdal_project:heimdal:0.2l
-
cpe:2.3:a:heimdal_project:heimdal:0.2m
-
cpe:2.3:a:heimdal_project:heimdal:0.2n
-
cpe:2.3:a:heimdal_project:heimdal:0.2o
-
cpe:2.3:a:heimdal_project:heimdal:0.2p
-
cpe:2.3:a:heimdal_project:heimdal:0.2q
-
cpe:2.3:a:heimdal_project:heimdal:0.2r
-
cpe:2.3:a:heimdal_project:heimdal:0.2s
-
cpe:2.3:a:heimdal_project:heimdal:0.2t
-
cpe:2.3:a:heimdal_project:heimdal:0.3a
-
cpe:2.3:a:heimdal_project:heimdal:0.3b
-
cpe:2.3:a:heimdal_project:heimdal:0.3c
-
cpe:2.3:a:heimdal_project:heimdal:0.3d
-
cpe:2.3:a:heimdal_project:heimdal:0.3e
-
cpe:2.3:a:heimdal_project:heimdal:0.3f
-
cpe:2.3:a:heimdal_project:heimdal:0.4.d
-
cpe:2.3:a:heimdal_project:heimdal:0.4.e
-
cpe:2.3:a:heimdal_project:heimdal:0.4.f
-
cpe:2.3:a:heimdal_project:heimdal:0.4a
-
cpe:2.3:a:heimdal_project:heimdal:0.4b
-
cpe:2.3:a:heimdal_project:heimdal:0.4c
-
cpe:2.3:a:heimdal_project:heimdal:0.5
-
cpe:2.3:a:heimdal_project:heimdal:0.5.1
-
cpe:2.3:a:heimdal_project:heimdal:0.5.2
-
cpe:2.3:a:heimdal_project:heimdal:0.5.3
-
cpe:2.3:a:heimdal_project:heimdal:0.6
-
cpe:2.3:a:heimdal_project:heimdal:0.6.1
-
cpe:2.3:a:heimdal_project:heimdal:0.6.2
-
cpe:2.3:a:heimdal_project:heimdal:0.6.3
-
cpe:2.3:a:heimdal_project:heimdal:0.6.4
-
cpe:2.3:a:heimdal_project:heimdal:0.6.5
-
cpe:2.3:a:heimdal_project:heimdal:0.6.6
-
cpe:2.3:a:heimdal_project:heimdal:0.7
-
cpe:2.3:a:heimdal_project:heimdal:0.7.1
-
cpe:2.3:a:heimdal_project:heimdal:0.7.2
-
cpe:2.3:a:heimdal_project:heimdal:0.8
-
cpe:2.3:a:heimdal_project:heimdal:0.8.1
-
cpe:2.3:a:heimdal_project:heimdal:0.9
-
cpe:2.3:a:heimdal_project:heimdal:1.0.0
-
cpe:2.3:a:heimdal_project:heimdal:1.0.1
-
cpe:2.3:a:heimdal_project:heimdal:1.0.2
-
cpe:2.3:a:heimdal_project:heimdal:1.1.0
-
cpe:2.3:a:heimdal_project:heimdal:1.2.0
-
cpe:2.3:a:heimdal_project:heimdal:1.2.1
-
cpe:2.3:a:heimdal_project:heimdal:1.3.0
-
cpe:2.3:a:heimdal_project:heimdal:1.3.1
-
cpe:2.3:a:heimdal_project:heimdal:1.3.2
-
cpe:2.3:a:heimdal_project:heimdal:1.3.3
-
cpe:2.3:a:heimdal_project:heimdal:1.4.0
-
cpe:2.3:a:heimdal_project:heimdal:1.4.1
-
cpe:2.3:a:heimdal_project:heimdal:1.5.0
-
cpe:2.3:a:heimdal_project:heimdal:1.5.1
-
cpe:2.3:a:mit:krb5-appl:1.0
-
cpe:2.3:a:mit:krb5-appl:1.0.1
-
cpe:2.3:a:mit:krb5-appl:1.0.2
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:fedoraproject:fedora:15
-
cpe:2.3:o:fedoraproject:fedora:16
-
cpe:2.3:o:freebsd:freebsd:7.3
-
cpe:2.3:o:freebsd:freebsd:7.4
-
cpe:2.3:o:freebsd:freebsd:8.0
-
cpe:2.3:o:freebsd:freebsd:8.1
-
cpe:2.3:o:freebsd:freebsd:8.2
-
cpe:2.3:o:freebsd:freebsd:8.3
-
cpe:2.3:o:freebsd:freebsd:8.4
-
cpe:2.3:o:freebsd:freebsd:9.0
-
cpe:2.3:o:opensuse:opensuse:11.3
-
cpe:2.3:o:opensuse:opensuse:11.4
-
cpe:2.3:o:suse:linux_enterprise_desktop:10
-
cpe:2.3:o:suse:linux_enterprise_desktop:11
-
cpe:2.3:o:suse:linux_enterprise_server:10
-
cpe:2.3:o:suse:linux_enterprise_server:11
-
cpe:2.3:o:suse:linux_enterprise_server:9
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11