
CVE-2011-4862

Date: (C)2011-12-24   (M)2017-08-29
 
CVSS Score: 10.0
Exploitability Subscore: 10.0
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Reference:
SECTRACK-1026460
SECTRACK-1026463
EXPLOIT-DB-18280
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
SECUNIA-46239
SECUNIA-47341
SECUNIA-47348
SECUNIA-47357
SECUNIA-47359
SECUNIA-47373
SECUNIA-47374
SECUNIA-47397
SECUNIA-47399
SECUNIA-47441
OSVDB-78020
DSA-2372
DSA-2373
DSA-2375
FEDORA-2011-17492
FEDORA-2011-17493
FreeBSD-SA-11:08
IAVM:2012-A-0056
MDVSA-2011:195
RHSA-2011:1851
RHSA-2011:1852
RHSA-2011:1853
RHSA-2011:1854
SUSE-SU-2012:0010
SUSE-SU-2012:0018
SUSE-SU-2012:0024
SUSE-SU-2012:0042
SUSE-SU-2012:0050
SUSE-SU-2012:0056
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
multiple-telnetd-bo(71970)
openSUSE-SU-2012:0019
openSUSE-SU-2012:0051

CPE    5
cpe:/o:freebsd:freebsd:7.3
cpe:/o:freebsd:freebsd:8.1
cpe:/o:freebsd:freebsd:9.0
cpe:/o:freebsd:freebsd:8.2
...
CWE    1
CWE-119
OVAL    16
oval:org.secpod.oval:def:600644
oval:org.secpod.oval:def:600656
oval:org.secpod.oval:def:600630
oval:org.secpod.oval:def:201461
...

© 2013 SecPod Technologies