Executive Summary

Information
Name: CVE-2011-4862
First vendor Publication: 2011-12-24
Vendor: Cve
Last vendor Modification: 2013-07-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Security Protection

Impacts: Provides administrator access: Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862

CWE : Common Weakness Enumeration

id: CWE-119
Name: Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:22146
Title: RHSA-2011:1851: krb5 security update (Critical)
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Family: unix
Class: patch
Reference(s): RHSA-2011:1851-02, CESA-2011:1851, CVE-2011-4862
Version: 4
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): krb5
 
Oval ID: oval:org.mitre.oval:def:22108
Title: RHSA-2011:1852: krb5-appl security update (Critical)
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Family: unix
Class: patch
Reference(s): RHSA-2011:1852-02, CESA-2011:1852, CVE-2011-4862
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): krb5-appl
 
Oval ID: oval:org.mitre.oval:def:20405
Title: VMware ESXi and ESX address several security issues
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Family: unix
Class: vulnerability
Reference(s): CVE-2011-4862
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
 
Oval ID: oval:org.mitre.oval:def:15184
Title: DSA-2373-1 inetutils -- buffer overflow
Description: It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.
Family: unix
Class: patch
Reference(s): DSA-2373-1, CVE-2011-4862
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): inetutils
 
Oval ID: oval:org.mitre.oval:def:15151
Title: DSA-2375-1 krb5 -- buffer overflow
Description: It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges.
Family: unix
Class: patch
Reference(s): DSA-2375-1, CVE-2011-4862
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): krb5
 
Oval ID: oval:org.mitre.oval:def:15084
Title: DSA-2372-1 heimdal -- buffer overflow
Description: It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.
Family: unix
Class: patch
Reference(s): DSA-2372-1, CVE-2011-4862
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): heimdal
 
Oval ID: oval:org.mitre.oval:def:23380
Title: ELSA-2011:1852: krb5-appl security update (Critical)
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Family: unix
Class: patch
Reference(s): ELSA-2011:1852-02, CVE-2011-4862
Version: 6
Platform(s): Oracle Linux 6
Product(s): krb5-appl
 
Oval ID: oval:org.mitre.oval:def:23239
Title: ELSA-2011:1851: krb5 security update (Critical)
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Family: unix
Class: patch
Reference(s): ELSA-2011:1851-02, CVE-2011-4862
Version: 6
Platform(s): Oracle Linux 5
Product(s): krb5

CPE : Common Platform Enumeration

Type: Application, Count: 1
Type: Application, Count: 1
Type: Os, Count: 5

SAINT Exploits

Description: Telnetd Encryption Key ID Code Execution

OpenVAS Exploits

Date Description
2012-08-02 Name: SuSE Update for krb5-appl openSUSE-SU-2012:0019-1 (krb5-appl)
File: nvt/gb_suse_2012_0019_1.nasl
2012-08-02 Name: SuSE Update for krb5-appl openSUSE-SU-2012:0051-1 (krb5-appl)
File: nvt/gb_suse_2012_0051_1.nasl
2012-07-30 Name: CentOS Update for krb5-devel CESA-2011:1851 centos4
File: nvt/gb_CESA-2011_1851_krb5-devel_centos4.nasl
2012-07-30 Name: CentOS Update for krb5-devel CESA-2011:1851 centos5
File: nvt/gb_CESA-2011_1851_krb5-devel_centos5.nasl
2012-07-30 Name: CentOS Update for krb5-appl-clients CESA-2011:1852 centos6
File: nvt/gb_CESA-2011_1852_krb5-appl-clients_centos6.nasl
2012-07-09 Name: RedHat Update for krb5-appl RHSA-2011:1852-02
File: nvt/gb_RHSA-2011_1852-02_krb5-appl.nasl
2012-04-02 Name: VMSA-2012-0006 VMware ESXi and ESX address several security issues
File: nvt/gb_VMSA-2012-0006.nasl
2012-03-19 Name: Fedora Update for krb5-appl FEDORA-2011-17493
File: nvt/gb_fedora_2011_17493_krb5-appl_fc16.nasl
2012-03-12 Name: Gentoo Security Advisory GLSA 201202-05 (heimdal)
File: nvt/glsa_201202_05.nasl
2012-02-12 Name: Gentoo Security Advisory GLSA 201201-14 (mit-krb5-appl)
File: nvt/glsa_201201_14.nasl
2012-02-11 Name: Debian Security Advisory DSA 2372-1 (heimdal)
File: nvt/deb_2372_1.nasl
2012-02-11 Name: Debian Security Advisory DSA 2373-1 (inetutils)
File: nvt/deb_2373_1.nasl
2012-01-09 Name: Fedora Update for krb5-appl FEDORA-2011-17492
File: nvt/gb_fedora_2011_17492_krb5-appl_fc15.nasl
2011-12-30 Name: RedHat Update for krb5 RHSA-2011:1851-01
File: nvt/gb_RHSA-2011_1851-01_krb5.nasl
2011-12-30 Name: Mandriva Update for krb5-appl MDVSA-2011:195 (krb5-appl)
File: nvt/gb_mandriva_MDVSA_2011_195.nasl
2011-12-28 Name: FreeBSD 'telnetd' Daemon Remote Buffer Overflow Vulnerability
File: nvt/gb_freebsd_telnetd_51182.nasl
0000-00-00 Name: FreeBSD Ports: krb5-appl
File: nvt/freebsd_krb5-appl.nasl

Open Source Vulnerability Database (OSVDB)

id: 78020
Description: FreeBSD telnetd Multiple telnet/libtelnet/encrypt.c encrypt_keyid() Function ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-04-12 IAVM: 2012-A-0055 - VMWare ESX 3.5 and ESXi 3.5 Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0031978
2012-04-12 IAVM: 2012-A-0056 - Multiple Vulnerabilities in VMWare ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0031979

Snort® IPS/IDS

Date Description
2014-01-10 FreeBSD telnetd dec_keyid overflow attempt
RuleID: 20813 - Revision: 7 - Type: PROTOCOL-TELNET
2014-01-10 FreeBSD telnetd enc_keyid overflow attempt
RuleID: 20812 - Revision: 7 - Type: PROTOCOL-TELNET

Metasploit Database

id Description
2011-12-23 Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
2011-12-23 FreeBSD Telnet Service Encryption Key ID Buffer Overflow

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_krb5-appl-111229.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-17.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_krb5-appl-111229.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1851.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1852.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1853.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1854.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20111227_krb5_appl_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20111227_krb5_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-03-30 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2012-0006.nasl - Type: ACT_GATHER_INFO
2012-02-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201202-05.nasl - Type: ACT_GATHER_INFO
2012-01-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201201-14.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2372.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2373.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2375.nasl - Type: ACT_GATHER_INFO
2012-01-06 Name: The remote Fedora host is missing a security update.
File: fedora_2011-17492.nasl - Type: ACT_GATHER_INFO
2012-01-06 Name: The remote Fedora host is missing a security update.
File: fedora_2011-17493.nasl - Type: ACT_GATHER_INFO
2012-01-03 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_krb5-7899.nasl - Type: ACT_GATHER_INFO
2012-01-03 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_krb5-111229.nasl - Type: ACT_GATHER_INFO
2011-12-29 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-195.nasl - Type: ACT_GATHER_INFO
2011-12-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1851.nasl - Type: ACT_GATHER_INFO
2011-12-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1852.nasl - Type: ACT_GATHER_INFO
2011-12-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2011-1851.nasl - Type: ACT_GATHER_INFO
2011-12-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2011-1852.nasl - Type: ACT_GATHER_INFO
2011-12-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_4ddc78dc300a11e1a2aa0016ce01e285.nasl - Type: ACT_GATHER_INFO

Internal Sources (Detail)

Source: Url
BUGTRAQ: http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
CONFIRM: http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2...
CONFIRM: http://security.freebsd.org/patches/SA-11:08/telnetd.patch
CONFIRM: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
DEBIAN: http://www.debian.org/security/2011/dsa-2372
DEBIAN: http://www.debian.org/security/2011/dsa-2373
DEBIAN: http://www.debian.org/security/2011/dsa-2375
EXPLOIT-DB: http://www.exploit-db.com/exploits/18280/
FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627...
FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640...
FREEBSD: http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
MLIST: http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
MLIST: http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
MLIST: http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
MLIST: http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
OSVDB: http://osvdb.org/78020
REDHAT: http://www.redhat.com/support/errata/RHSA-2011-1851.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2011-1852.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2011-1853.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2011-1854.html
SECTRACK: http://www.securitytracker.com/id?1026460
SECTRACK: http://www.securitytracker.com/id?1026463
SECUNIA: http://secunia.com/advisories/46239
SECUNIA: http://secunia.com/advisories/47341
SECUNIA: http://secunia.com/advisories/47348
SECUNIA: http://secunia.com/advisories/47357
SECUNIA: http://secunia.com/advisories/47359
SECUNIA: http://secunia.com/advisories/47373
SECUNIA: http://secunia.com/advisories/47374
SECUNIA: http://secunia.com/advisories/47397
SECUNIA: http://secunia.com/advisories/47399
SECUNIA: http://secunia.com/advisories/47441
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
SUSE: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
XF: http://xforce.iss.net/xforce/xfdb/71970

Alert History

Date Information
2014-06-14 13:32:02: Multiple Updates
2014-02-17 11:06:34: Multiple Updates
2014-01-19 21:28:15: Multiple Updates
2013-11-11 12:39:40: Multiple Updates
2013-07-17 21:18:45: Multiple Updates
2013-05-10 23:12:02: Multiple Updates