CVE-2011-4862

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

References

http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592

http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html

http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html

http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html

http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html

http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html

http://osvdb.org/78020

http://secunia.com/advisories/46239

http://secunia.com/advisories/47341

http://secunia.com/advisories/47348

http://secunia.com/advisories/47357

http://secunia.com/advisories/47359

http://secunia.com/advisories/47373

http://secunia.com/advisories/47374

http://secunia.com/advisories/47397

http://secunia.com/advisories/47399

http://secunia.com/advisories/47441

http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc

http://security.freebsd.org/patches/SA-11:08/telnetd.patch

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

http://www.debian.org/security/2011/dsa-2372

http://www.debian.org/security/2011/dsa-2373

http://www.debian.org/security/2011/dsa-2375

http://www.exploit-db.com/exploits/18280/

http://www.mandriva.com/security/advisories?name=MDVSA-2011:195

http://www.redhat.com/support/errata/RHSA-2011-1851.html

http://www.redhat.com/support/errata/RHSA-2011-1852.html

http://www.redhat.com/support/errata/RHSA-2011-1853.html

http://www.redhat.com/support/errata/RHSA-2011-1854.html

http://www.securitytracker.com/id?1026460

http://www.securitytracker.com/id?1026463

https://exchange.xforce.ibmcloud.com/vulnerabilities/71970

Details

Source: MITRE

Published: 2011-12-25

Updated: 2021-02-09

Type: CWE-120

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89107 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0006) (remote check) | Nessus | Misc. | critical |
| 80781 | Oracle Solaris Third-Party Patch Update : telnet (cve_2011_4862_buffer_overflow) | Nessus | Solaris Local Security Checks | critical |
| 79475 | OracleVM 2.2 : krb5 (OVMSA-2011-0015) | Nessus | OracleVM Local Security Checks | low |
| 79273 | Cisco Web Security Appliance Telnet Remote Code Execution (cisco-sa-20120126-ironport) | Nessus | CISCO | critical |
| 79272 | Cisco Content Security Management Appliance Telnet Remote Code Execution (cisco-sa-20120126-ironport) | Nessus | CISCO | critical |
| 79271 | Cisco Email Security Appliance Telnet Remote Code Execution (cisco-sa-20120126-ironport) | Nessus | CISCO | critical |
| 75886 | openSUSE Security Update : krb5-appl (openSUSE-SU-2012:0019-1) | Nessus | SuSE Local Security Checks | critical |
| 75564 | openSUSE Security Update : krb5-appl (openSUSE-SU-2012:0019-1) | Nessus | SuSE Local Security Checks | critical |
| 74578 | openSUSE Security Update : krb5-appl (openSUSE-2012-17) | Nessus | SuSE Local Security Checks | critical |
| 68413 | Oracle Linux 6 : krb5-appl (ELSA-2011-1852) | Nessus | Oracle Linux Local Security Checks | critical |
| 68412 | Oracle Linux 4 / 5 : krb5 (ELSA-2011-1851) | Nessus | Oracle Linux Local Security Checks | critical |
| 64018 | RHEL 6 : krb5-appl (RHSA-2011:1854) | Nessus | Red Hat Local Security Checks | critical |
| 64017 | RHEL 5 : krb5 (RHSA-2011:1853) | Nessus | Red Hat Local Security Checks | critical |
| 61214 | Scientific Linux Security Update : krb5 on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61213 | Scientific Linux Security Update : krb5-appl on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 58535 | VMSA-2012-0006 : VMware Workstation, ESXi, and ESX address several security issues | Nessus | VMware ESX Local Security Checks | high |
| 58101 | GLSA-201202-05 : Heimdal: Arbitrary code execution | Nessus | Gentoo Local Security Checks | critical |
| 57656 | GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 57515 | Debian DSA-2375-1 : krb5, krb5-appl - buffer overflow | Nessus | Debian Local Security Checks | critical |
| 57513 | Debian DSA-2373-1 : inetutils - buffer overflow | Nessus | Debian Local Security Checks | critical |
| 57512 | Debian DSA-2372-1 : heimdal - buffer overflow | Nessus | Debian Local Security Checks | critical |
| 57462 | FreeBSD 'telnetd' Daemon Remote Buffer Overflow | Nessus | Gain a shell remotely | critical |
| 57443 | Fedora 16 : krb5-appl-1.0.2-2.fc16 (2011-17493) | Nessus | Fedora Local Security Checks | critical |
| 57442 | Fedora 15 : krb5-appl-1.0.1-8.fc15 (2011-17492) | Nessus | Fedora Local Security Checks | critical |
| 57431 | SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 7899) | Nessus | SuSE Local Security Checks | critical |
| 57430 | SuSE 11.1 Security Update : Kerberos 5 (SAT Patch Number 5594) | Nessus | SuSE Local Security Checks | critical |
| 57412 | Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:195) | Nessus | Mandriva Local Security Checks | critical |
| 57409 | RHEL 6 : krb5-appl (RHSA-2011:1852) | Nessus | Red Hat Local Security Checks | critical |
| 57408 | RHEL 4 / 5 : krb5 (RHSA-2011:1851) | Nessus | Red Hat Local Security Checks | critical |
| 57406 | CentOS 6 : krb5-appl (CESA-2011:1852) | Nessus | CentOS Local Security Checks | critical |
| 57405 | CentOS 4 / 5 : krb5 (CESA-2011:1851) | Nessus | CentOS Local Security Checks | critical |
| 57403 | FreeBSD : krb5-appl -- telnetd code execution vulnerability (4ddc78dc-300a-11e1-a2aa-0016ce01e285) | Nessus | FreeBSD Local Security Checks | critical |