CVE - CVE-2011-4862

CVE-ID
CVE-2011-4862	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] URL:http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html CONFIRM:http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 CONFIRM:http://security.freebsd.org/patches/SA-11:08/telnetd.patch CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt DEBIAN:DSA-2372 URL:http://www.debian.org/security/2011/dsa-2372 DEBIAN:DSA-2373 URL:http://www.debian.org/security/2011/dsa-2373 DEBIAN:DSA-2375 URL:http://www.debian.org/security/2011/dsa-2375 EXPLOIT-DB:18280 URL:http://www.exploit-db.com/exploits/18280/ FEDORA:FEDORA-2011-17492 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html FEDORA:FEDORA-2011-17493 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html FREEBSD:FreeBSD-SA-11:08 URL:http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc MANDRIVA:MDVSA-2011:195 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:195~~ (Obsolete source) MLIST:[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team URL:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html MLIST:[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team URL:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html MLIST:[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team URL:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html MLIST:[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team URL:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html OSVDB:78020 URL:~~http://osvdb.org/78020~~ (Obsolete source) REDHAT:RHSA-2011:1851 URL:http://www.redhat.com/support/errata/RHSA-2011-1851.html REDHAT:RHSA-2011:1852 URL:http://www.redhat.com/support/errata/RHSA-2011-1852.html REDHAT:RHSA-2011:1853 URL:http://www.redhat.com/support/errata/RHSA-2011-1853.html REDHAT:RHSA-2011:1854 URL:http://www.redhat.com/support/errata/RHSA-2011-1854.html SECTRACK:1026460 URL:http://www.securitytracker.com/id?1026460 SECTRACK:1026463 URL:http://www.securitytracker.com/id?1026463 SECUNIA:46239 URL:http://secunia.com/advisories/46239 SECUNIA:47341 URL:http://secunia.com/advisories/47341 SECUNIA:47348 URL:http://secunia.com/advisories/47348 SECUNIA:47357 URL:http://secunia.com/advisories/47357 SECUNIA:47359 URL:http://secunia.com/advisories/47359 SECUNIA:47373 URL:http://secunia.com/advisories/47373 SECUNIA:47374 URL:http://secunia.com/advisories/47374 SECUNIA:47397 URL:http://secunia.com/advisories/47397 SECUNIA:47399 URL:http://secunia.com/advisories/47399 SECUNIA:47441 URL:http://secunia.com/advisories/47441 SUSE:SUSE-SU-2012:0010 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SUSE:SUSE-SU-2012:0018 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html SUSE:SUSE-SU-2012:0024 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html SUSE:SUSE-SU-2012:0042 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html SUSE:SUSE-SU-2012:0050 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html SUSE:SUSE-SU-2012:0056 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html SUSE:openSUSE-SU-2012:0019 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html SUSE:openSUSE-SU-2012:0051 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html XF:multiple-telnetd-bo(71970) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
Assigning CNA
FreeBSD
Date Record Created
20111219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20111219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)