FreeBSD 'telnetd' Daemon Remote Buffer Overflow

Critical Nessus Plugin ID 57462

Synopsis

The telnet server has a remote buffer overflow vulnerability.

Description

A buffer overflow exists in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier. The vulnerability also affects any 'telnetd' service derived from the FreeBSD codebase. Successful exploitation could allow a remote attacker to execute arbitrary code via a long encryption key.

Note that this vulnerability has been exploited in the wild since December 2011.

Solution

Upgrade to the version specified in the vendor's advisory.

See Also

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

Plugin Details

Severity: Critical

ID: 57462

File Name: telnetd_encrypt_overflow.nbin

Version: 1.29

Type: remote

Published: 2012/01/09

Modified: 2018/05/21

Dependencies: 10280, 17975

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/23

Vulnerability Publication Date: 2011/12/23

Exploitable With

Core Impact

Metasploit (Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow)

ExploitHub (EH-11-760)

Reference Information

CVE: CVE-2011-4862

BID: 51182

DSA: 2372, 2373, 2375

FreeBSD: SA-11:08.telnetd

RHSA: 2011:1851, 2011:1852