CVE-2011-4862: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal…

critical10CVSS 3.1

AVNACLAuNCCICAC

ITWEXPLOIT

Exploited in the wild

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Affected

37 ranges· showing 25

Vendor	Product	Version range	Fixed in
cisco	ironport_appliances_telnet	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	heimdal	< heimdal 1.5.dfsg.1-1 (bookworm)	heimdal 1.5.dfsg.1-1 (bookworm)
debian	inetutils	< heimdal 1.5.dfsg.1-1 (bookworm)	heimdal 1.5.dfsg.1-1 (bookworm)
debian	krb5	< heimdal 1.5.dfsg.1-1 (bookworm)	heimdal 1.5.dfsg.1-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
freebsd	freebsd	7.3 – 9.0	—
gnu	inetutils	< 1.9	1.9
gnu	inetutils	>= 0 < 2:1.8-6	2:1.8-6
gnu	inetutils	>= 0 < 2:1.8-6	2:1.8-6
gnu	inetutils	>= 0 < 2:1.8-6	2:1.8-6
gnu	inetutils	>= 0 < 2:1.8-6	2:1.8-6
heimdal_project	heimdal	<= 1.5.1	—
heimdal_project	heimdal	>= 0 < 1.5.dfsg.1-1	1.5.dfsg.1-1
heimdal_project	heimdal	>= 0 < 1.5.dfsg.1-1	1.5.dfsg.1-1
heimdal_project	heimdal	>= 0 < 1.5.dfsg.1-1	1.5.dfsg.1-1
heimdal_project	heimdal	>= 0 < 1.5.dfsg.1-1	1.5.dfsg.1-1
mit	krb5	>= 0 < 1.8+dfsg~aa+r23527-1	1.8+dfsg~aa+r23527-1
mit	krb5	>= 0 < 1.8+dfsg~aa+r23527-1	1.8+dfsg~aa+r23527-1
mit	krb5	>= 0 < 1.8+dfsg~aa+r23527-1	1.8+dfsg~aa+r23527-1
mit	krb5	>= 0 < 1.8+dfsg~aa+r23527-1	1.8+dfsg~aa+r23527-1
mit	krb5-appl	<= 1.0.2	—

CVSS provenance

nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C

osv10.0CRITICAL

vulncheck10.0CRITICAL