Oracle Solaris Third-Party Patch Update : telnet (cve_2011_4862_buffer_overflow)
Critical Nessus Plugin ID 80781
Synopsis: The remote Solaris system is missing a security patch for third-party software.
Description: The remote Solaris system is missing necessary patches to address security updates:
- Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. (CVE-2011-4862)
Solution: Upgrade to Solaris 11/11 SRU 04.