10

CVE-2011-4862

Exploit
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuInetutils Version < 1.9
Heimdal ProjectHeimdal Version <= 1.5.1
MitKrb5-appl Version <= 1.0.2
FreebsdFreebsd Version >= 7.3 <= 9.0
FedoraprojectFedora Version15
FedoraprojectFedora Version16
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
OpensuseOpensuse Version11.3
OpensuseOpensuse Version11.4
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Desktop Version11 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Server Version11 Updatesp1 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp1 SwEdition- SwPlatformvmware
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 95.1% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
Third Party Advisory
Mailing List
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
Broken Link
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
Patch
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
Third Party Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
Third Party Advisory
Mailing List
http://osvdb.org/78020
Broken Link
http://secunia.com/advisories/46239
Third Party Advisory
http://secunia.com/advisories/47341
Third Party Advisory
http://secunia.com/advisories/47348
Third Party Advisory
http://secunia.com/advisories/47357
Third Party Advisory
http://secunia.com/advisories/47359
Third Party Advisory
http://secunia.com/advisories/47373
Third Party Advisory
http://secunia.com/advisories/47374
Third Party Advisory
http://secunia.com/advisories/47397
Third Party Advisory
http://secunia.com/advisories/47399
Third Party Advisory
http://secunia.com/advisories/47441
Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
Vendor Advisory
Mitigation
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
Patch
Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
Patch
Vendor Advisory
http://www.debian.org/security/2011/dsa-2372
Third Party Advisory
http://www.debian.org/security/2011/dsa-2373
Third Party Advisory
http://www.debian.org/security/2011/dsa-2375
Third Party Advisory
http://www.exploit-db.com/exploits/18280/
Third Party Advisory
Exploit
VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1851.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1852.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1853.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1854.html
Third Party Advisory
http://www.securitytracker.com/id?1026460
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026463
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
Third Party Advisory
VDB Entry