Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 up to and including 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and previous versions, Heimdal 1.5.1 and previous versions, GNU inetutils, and possibly other products allows remote malicious users to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Vulnerable Product |
---|
gnu inetutils |
heimdal project heimdal |
mit krb5-appl |
freebsd freebsd |
fedoraproject fedora 15 |
fedoraproject fedora 16 |
debian debian linux 5.0 |
debian debian linux 6.0 |
debian debian linux 7.0 |
opensuse opensuse 11.3 |
opensuse opensuse 11.4 |
suse linux enterprise desktop 10 |
suse linux enterprise desktop 11 |
suse linux enterprise server 9 |
suse linux enterprise server 10 |
suse linux enterprise server 11 |
suse linux enterprise software development kit 10 |
suse linux enterprise software development kit 11 |

Patch or kill Telnet
A dangerous three-year-old remote code execution hole affecting Cisco kit has been patched. Researcher Glafkos Charalambous discovered the Telnet vulnerability (CVE-2011-4862), which was first reported by the FreeBSD Project in 2011. It was left unpatched until 15 October this year in Cisco appliances. The International Business Schools IT manager found the bug in the AsyncOS software in all versions of Cisco's web, email and content security management appliances. Cisco warned customers w...