10
CVE-2011-4862
- EPSS 95.1%
- Veröffentlicht 25.12.2011 01:55:02
- Zuletzt bearbeitet 16.06.2026 23:35:31
- Quelle secteam@freebsd.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Heimdal Project ≫ Heimdal Version <= 1.5.1
Fedoraproject ≫ Fedora Version15
Fedoraproject ≫ Fedora Version16
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEdition- SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 95.1% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
http://osvdb.org/78020
http://secunia.com/advisories/46239
http://secunia.com/advisories/47341
http://secunia.com/advisories/47348
http://secunia.com/advisories/47357
http://secunia.com/advisories/47359
http://secunia.com/advisories/47373
http://secunia.com/advisories/47374
http://secunia.com/advisories/47397
http://secunia.com/advisories/47399
http://secunia.com/advisories/47441
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
http://www.debian.org/security/2011/dsa-2372
http://www.debian.org/security/2011/dsa-2373
http://www.debian.org/security/2011/dsa-2375
http://www.exploit-db.com/exploits/18280/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
http://www.redhat.com/support/errata/RHSA-2011-1851.html
http://www.redhat.com/support/errata/RHSA-2011-1852.html
http://www.redhat.com/support/errata/RHSA-2011-1853.html
http://www.redhat.com/support/errata/RHSA-2011-1854.html
http://www.securitytracker.com/id?1026460
http://www.securitytracker.com/id?1026463
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970