⚠ Exploited in the wild

Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-4862

CWE-120 — Classic Buffer Overflow CWE-130 CWE-119 — Buffer Overflow14 documents11 sources

Severity

10.0CRITICAL

EPSS

92.6%

top 0.26%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

GNU Inetutils Freebsd Freebsd Heimdal Project Heimdal +7 more

Timeline

PublishedDec 25

Latest updateMay 13

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages11 packages

▶NVDmit/krb5-appl1.0.2

▶NVDgnu/inetutils< 1.9

▶Debiankrb5< 1.8+dfsg~aa+r23527-1+3

▶Debianheimdal< 1.5.dfsg.1-1+3

▶Debianinetutils< 2:1.8-6+3

Also affects: Debian Linux 5.0, 6.0, 7.0, Fedora 15, 16

Patches

Patch: git.savannah.gnu.org ↗Patch: security.freebsd.org ↗Patch: web.mit.edu ↗

🔴Vulnerability Details

GHSA

GHSA-x8cr-m6vm-pqh4: Buffer overflow in libtelnet/encrypt↗2022-05-13

▶

CVEList

CVE-2011-4862: Buffer overflow in libtelnet/encrypt↗2011-12-25

▶

OSV

CVE-2011-4862: Buffer overflow in libtelnet/encrypt↗2011-12-25

▶

VulnCheck

GNU inetutils Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')↗2011

▶

💥Exploits & PoCs

Exploit-DB

Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)↗2012-01-14

▶

Exploit-DB

FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)↗2012-01-14

▶

Exploit-DB

TelnetD encrypt_keyid - Function Pointer Overwrite↗2011-12-26

▶

Exploit-DB

Douran 3.9.7.8 - File Download/Source Code Disclosure↗2011-03-20

▶

📋Vendor Advisories

Cisco

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability↗2012-01-26

▶

Red Hat

krb5: telnet client and server encrypt_keyid heap-based buffer overflow↗2011-12-25

▶

BSD

FreeBSD-SA-11:08.telnetd: telnetd code execution vulnerability↗2011-12-23

▶

Debian

CVE-2011-4862: heimdal - Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MI...↗2011

▶

💬Community

Bugzilla

CVE-2011-4862 krb5: telnet client and server encrypt_keyid heap-based buffer overflow↗2011-12-26

▶