Vulnerability Details : CVE-2011-4862
Public exploit exists!
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-4862
- cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
- cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
Threat overview for CVE-2011-4862
Top open port discovered on systems with this issue: 21
IPs affected by CVE-2011-4862: 749,410
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-4862
EPSS score: 92.59% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2011-4862
- Telnet Service Encryption Key ID Overflow Detection
  First seen: 2020-04-26
  Module: auxiliary/scanner/telnet/telnet_encrypt_overflow
  Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd)
  Authors: Jaime Penalba Estebanez <jpenalbae@gmail.com>, hdm <x@hdm.io>
- FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  Disclosure Date: 2011-12-23
  First seen: 2020-04-26
  Module: exploit/freebsd/telnet/telnet_encrypt_keyid
  This module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.
  Authors: Jaime Penalba Estebanez <jpenalbae@gmail.com>, Brandon Perry <bperry.volatile@gmail.com>, Dan Rosenberg, hdm <x@hdm.io>
- Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  Disclosure Date: 2011-12-23
  First seen: 2020-04-26
  Module: exploit/linux/telnet/telnet_encrypt_keyid
  This module exploits a buffer overflow in the encryption option handler of the Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions use NetKit-derived telnet daemons, so this flaw only applies to a small subset of Linux systems runn
CVSS scores for CVE-2011-4862
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-4862
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4862
- http://secunia.com/advisories/47373
  (Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2375
  Debian -- Security Information -- DSA-2375-1 krb5, krb5-appl (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
  [security-announce] SUSE-SU-2012:0050-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.exploit-db.com/exploits/18280/
  TelnetD encrypt_keyid - Function Pointer Overwrite - Linux remote Exploit (Exploit; Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
  [security-announce] openSUSE-SU-2012:0051-1: important: krb5-appl: Fixed (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
  [security-announce] SUSE-SU-2012:0024-1: important: Security update for (Mailing List; Third Party Advisory)
- http://secunia.com/advisories/47357
  (Third Party Advisory)
- http://osvdb.org/78020
  (Broken Link)
- http://secunia.com/advisories/47341
  (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
  [security-announce] SUSE-SU-2012:0010-1: important: Security update for (Mailing List; Third Party Advisory)
- http://secunia.com/advisories/46239
  (Third Party Advisory)
- http://secunia.com/advisories/47374
  (Third Party Advisory)
- http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
  (Mitigation; Vendor Advisory)
- http://www.securitytracker.com/id?1026460
  FreeBSD Telnet Encryption Feature Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
  inetutils.git - GNU Inetutils (Patch; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
  mandriva.com (Third Party Advisory)
- http://secunia.com/advisories/47397
  (Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2373
  Debian -- Security Information -- DSA-2373-1 inetutils (Third Party Advisory)
- http://www.securitytracker.com/id?1026463
  Kerberos Telnet Encryption Feature Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
  Merry Christmas from the FreeBSD Security Team (Vendor Advisory)
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
  (Patch; Vendor Advisory)
- http://secunia.com/advisories/47399
  (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-1854.html
  Support (Third Party Advisory)
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
  Merry Christmas from the FreeBSD Security Team (Vendor Advisory)
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
  Merry Christmas from the FreeBSD Security Team (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
  [security-announce] SUSE-SU-2012:0056-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-1852.html
  Support (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
  [SECURITY] Fedora 16 Update: krb5-appl-1.0.2-2.fc16 (Third Party Advisory)
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
  (Broken Link)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
  [security-announce] SUSE-SU-2012:0018-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-1851.html
  Support (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-1853.html
  Support (Third Party Advisory)
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
  Merry Christmas from the FreeBSD Security Team (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
  [security-announce] SUSE-SU-2012:0042-1: important: Security update for (Mailing List; Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
  Multiple products telnetd buffer overflow CVE-2011-4862 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://secunia.com/advisories/47348
  (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
  [SECURITY] Fedora 15 Update: krb5-appl-1.0.1-8.fc15 (Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2372
  Debian -- Security Information -- DSA-2372-1 heimdal (Third Party Advisory)
- http://security.freebsd.org/patches/SA-11:08/telnetd.patch
  (Patch; Vendor Advisory)
- http://secunia.com/advisories/47359
  (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
  [security-announce] openSUSE-SU-2012:0019-1: important: krb5-appl: Fixed (Mailing List; Third Party Advisory)
- http://secunia.com/advisories/47441
  (Third Party Advisory)