CVE-2011-4862 : Detail

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 18369

Publication date : 2012-01-13 23h00 +00:00
Author : Metasploit
EDB Verified : Yes

Exploit Database EDB-ID : 18368

Publication date : 2012-01-13 23h00 +00:00
Author : Metasploit
EDB Verified : Yes

Exploit Database EDB-ID : 18280

Publication date : 2011-12-25 23h00 +00:00
Author : NighterMan & BatchDrake
EDB Verified : Yes

Products Mentioned

Configuraton 0

Gnu>>Inetutils >> Version To (excluding) 1.9

Heimdal_project>>Heimdal >> Version To (including) 1.5.1

Mit>>Krb5-appl >> Version To (including) 1.0.2

Freebsd>>Freebsd >> Version From (including) 7.3 To (including) 9.0

Configuraton 0

Fedoraproject>>Fedora >> Version 15

Fedoraproject>>Fedora >> Version 16

Configuraton 0

Debian>>Debian_linux >> Version 5.0

Debian>>Debian_linux >> Version 6.0

Debian>>Debian_linux >> Version 7.0

Configuraton 0

Opensuse>>Opensuse >> Version 11.3

Opensuse>>Opensuse >> Version 11.4

Suse>>Linux_enterprise_desktop >> Version 10

Suse>>Linux_enterprise_desktop >> Version 11

Suse>>Linux_enterprise_server >> Version 9

Suse>>Linux_enterprise_server >> Version 10

Suse>>Linux_enterprise_server >> Version 10

Suse>>Linux_enterprise_server >> Version 10

Suse>>Linux_enterprise_server >> Version 11

Suse>>Linux_enterprise_server >> Version 11

Suse>>Linux_enterprise_software_development_kit >> Version 10

Suse>>Linux_enterprise_software_development_kit >> Version 11

References