CVE-2011-4862
HIGH severity · CVSS 10 · Buffer overflow
10CVSS HIGH
Summary
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)95%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 ↗
Additional information
- NVD record
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592Patch
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.htmlAdvisory
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.htmlAdvisory
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.htmlAdvisory
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.htmlAdvisory
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.htmlAdvisory