CVE-2011-4862

Published: 25/12/2011 Updated: 09/02/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 up to and including 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and previous versions, Heimdal 1.5.1 and previous versions, GNU inetutils, and possibly other products allows remote malicious users to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Vulnerable Product

gnu inetutils

heimdal project heimdal

mit krb5-appl

freebsd freebsd

fedoraproject fedora 15

fedoraproject fedora 16

debian debian linux 5.0

debian debian linux 6.0

debian debian linux 7.0

opensuse opensuse 11.3

opensuse opensuse 11.4

suse linux enterprise desktop 10

suse linux enterprise desktop 11

suse linux enterprise server 9

suse linux enterprise server 10

suse linux enterprise server 11

suse linux enterprise software development kit 10

suse linux enterprise software development kit 11

Vendor Advisories

Debian Bug report logs - #654231 CVE-2011-4862 Package: krb5-telnetd; Maintainer for krb5-telnetd is (unknown); Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 2 Jan 2012 13:48:15 UTC Severity: critical Tags: security Found in version krb5-appl/1:10~alpha1-1 Fixed in versions krb5-appl/1:101-12 ...
Synopsis: Critical: krb5 security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support, 53 Long Life and 56 Extended Update Support. The Red Hat Security Response Team has rated this ...
Synopsis: Critical: krb5 security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability S ...
Synopsis: Critical: krb5-appl security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerabili ...
Synopsis: Critical: krb5-appl security update. Type/Severity: Security Advisory: Critical. Topic: Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 60 and 61 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical sec ...
It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges. For the oldstable distribution (lenny), this problem has been fixed in version 16dfsg4~beta1-5lenny7 of the krb5 package ...
It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to TELNET to execute arbitrary code with root privileges. For the oldstable distribution (lenny), this problem has been fixed in version 2:15dfsg1-9+lenny1. For the stable distribution (squeeze) ...
Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Cisco has released software updates that address this vulnerability ...

Exploits

This Python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems ...
/*************************************************************************** * telnetd-encrypt_keyidc * * Mon Dec 26 20:37:05 CET 2011 * * Copyright 2011 Jaime Penalba Estebanez (NighterMan) * Copyright 2011 Gonzalo J Carracedo (BatchDrake) * * nighterman@painseccom - jpenalbae@gmailcom * BatchDrake@painseccom - ...
## # $Id: $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = Gre ...

Github Repositories

Final Project for Security and Privacy CS 600.443

CVE-2011-4862: Final Project for Security and Privacy CS 600.443 | Fall 2018. I originally tried to use diff to make a patch. I patched it the way I thought it would be, before looking at the real patch. encryptpatch is this original patch that I made with the diff. However, when we tried applying this patch to FreeBSD, it would not accept it. Instead, I had to fetch the real pa

Go Exploit for CVE-2011-4862

CVE-2011-4862 GO Exploit for CVE-2011-4862 Cross Compile with: GOOS=linux GOARCH=arm go build maingo

Lab: Introduction to security in the Internet of Things (IoT). The goal of this lab is to give you a short introduction to security in the IoT environment. Note: at the end of the session, remember to send me a (short) report answering the various questions found in

cve-2011-4862: I originally tried to use diff to make a patch. I patched it the way I thought it would be, before looking at the real patch. encryptpatch is this original patch that I made with the diff. However, when we tried applying this patch to FreeBSD, it would not accept it. Instead, we had to fetch the real patch. I then changed the patch to implement the fix the way I

Recent Articles

Cisco patches three-year-old remote code-execution hole
The Register • Darren Pauli • 24 Oct 2014

Patch or kill Telnet

A three-year-old dangerous remote code execution hole affecting Cisco kit has been patched. Researcher Glafkos Charalambous discovered the Telnet vulnerability (CVE-2011-4862), which was first reported by the FreeBSD Project in 2011. It was left unpatched up prior to 15 October this year in Cisco appliances. The International Business Schools IT manager found the bug in the AsyncOS software in all versions of Cisco's web, email and content security management appliances. Cisco warned customers w...

References

CWE-120