Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4862

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-4862
Last Modified 17 Jul 2013 12:31:33
Published 24 Dec 2011 08:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4862

Summary

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Vulnerable Systems

Operating System

  • Freebsd 7.3

  • Freebsd 8.0

  • Freebsd 8.1

  • Freebsd 8.2

  • Freebsd 9.0

Application

  • H5l Heimdal 1.5.1

  • Mit Krb5-appl 1.02


References

CONFIRM - http://security.freebsd.org/patches/SA-11:08/telnetd.patch

FREEBSD - FreeBSD-SA-11:08

MLIST - [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team

XF - multiple-telnetd-bo(71970)

SECTRACK - 1026460

REDHAT - RHSA-2011:1852

REDHAT - RHSA-2011:1851

MANDRIVA - MDVSA-2011:195

EXPLOIT-DB - 18280

DEBIAN - DSA-2375

DEBIAN - DSA-2373

DEBIAN - DSA-2372

CONFIRM - http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

SECUNIA - 47399

SECUNIA - 47397

SECUNIA - 47374

SECUNIA - 47373

SECUNIA - 47359

SECUNIA - 47357

SECUNIA - 47348

SECUNIA - 47341

OSVDB - 78020

REDHAT - RHSA-2011:1854

SUSE - openSUSE-SU-2012:0051

SUSE - SUSE-SU-2012:0050

SUSE - SUSE-SU-2012:0042

SUSE - openSUSE-SU-2012:0019

SUSE - SUSE-SU-2012:0018

SUSE - SUSE-SU-2012:0010

SECUNIA - 47441

SUSE - SUSE-SU-2012:0056

SUSE - SUSE-SU-2012:0024

FEDORA - FEDORA-2011-17493

FEDORA - FEDORA-2011-17492

SECTRACK - 1026463

REDHAT - RHSA-2011:1853

SECUNIA - 46239

CONFIRM - http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592

BUGTRAQ - 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

Related Patches

Red Hat 2011:1851-02 RHSA Critical: krb5 security update for RHEL 4 x86

Red Hat 2011:1851-02 RHSA Critical: krb5 security update for RHEL 5 x86

Red Hat 2011:1851-02 RHSA Critical: krb5 security update for RHEL 5 x86_64

Red Hat 2011:1851-02 RHSA Critical: krb5 security update for RHEL 4 x86_64

Novell SUSE 2011:5594 krb5 security update for SLE 11 SP1 i586

Novell SUSE 2011:5594 krb5 security update for SLE 11 SP1 x86_64

Novell SUSE 2011:7899 krb5 security update for SLE 10 SP4 i586

Novell SUSE 2011:7899 krb5 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:27