CVE-2011-4862
Description
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
TelnetD encrypt_keyid - Function Pointer Overwrite
FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)
Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)
Metasploit modules
OS impact
Fedora Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 16 | Affected | โ |
| 15 | Affected | โ |
FreeBSD Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
SUSE Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| 11.4 | Affected | โ |
| 11.3 | Affected | โ |
| 11 | Affected | โ |
| 10 | Affected | โ |
| 9 | Affected | โ |
Debian Mixed 8 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1.5.dfsg.1-1 |
| sid | Fixed | 1.5.dfsg.1-1 |
| forky | Fixed | 1.5.dfsg.1-1 |
| bullseye | Fixed | 1.5.dfsg.1-1 |
| bookworm | Fixed | 1.5.dfsg.1-1 |
| 7.0 | Affected | โ |
| 6.0 | Affected | โ |
| 5.0 | Affected | โ |
References
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
- http://osvdb.org/78020
- http://secunia.com/advisories/46239
- http://secunia.com/advisories/47341
- http://secunia.com/advisories/47348
- http://secunia.com/advisories/47357
- http://secunia.com/advisories/47359
- http://secunia.com/advisories/47373
- http://secunia.com/advisories/47374
- http://secunia.com/advisories/47397
CWEs
CWE-120
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.