CVE-2011-4862

High PUBLISHED

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and...

FreeBSD · FreeBSD

Not yet in CISA KEV

PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
PoC available
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
10.0 High

At a Glance

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

metasploit
CVE Published
Dec 25, 2011
Exploitation Reported
Dec 25, 2011
CVSS
10.0 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • SUSE-SU-2012:0042 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010...
  • DSA-2375 debian.org · Vendor Advisory http://www.debian.org/security/2011/dsa-2375
  • RHSA-2011:1854 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2011-1854.html
  • SUSE-SU-2012:0018 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004...
  • DSA-2372 debian.org · Vendor Advisory http://www.debian.org/security/2011/dsa-2372
Show 37 more references
  • FEDORA-2011-17493 lists.fedoraproject.org · Vendor Advisory http://lists.fedoraproject.org/pipermail/package-announce/2012-Januar...
  • FreeBSD-SA-11:08 security.freebsd.org · Vendor Advisory http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
  • openSUSE-SU-2012:0019 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005...
  • FEDORA-2011-17492 lists.fedoraproject.org · Vendor Advisory http://lists.fedoraproject.org/pipermail/package-announce/2012-Januar...
  • MDVSA-2011:195 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
  • SUSE-SU-2012:0024 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007...
  • SUSE-SU-2012:0050 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011...
  • RHSA-2011:1852 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2011-1852.html
  • RHSA-2011:1853 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2011-1853.html
  • openSUSE-SU-2012:0051 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014...
  • SUSE-SU-2012:0010 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002...
  • SUSE-SU-2012:0056 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015...
  • RHSA-2011:1851 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2011-1851.html
  • DSA-2373 debian.org · Vendor Advisory http://www.debian.org/security/2011/dsa-2373
  • 47399 secunia.com · Third-Party Advisory http://secunia.com/advisories/47399
  • 47359 secunia.com · Third-Party Advisory http://secunia.com/advisories/47359
  • 47374 secunia.com · Third-Party Advisory http://secunia.com/advisories/47374
  • 47341 secunia.com · Third-Party Advisory http://secunia.com/advisories/47341
  • 47357 secunia.com · Third-Party Advisory http://secunia.com/advisories/47357
  • 46239 secunia.com · Third-Party Advisory http://secunia.com/advisories/46239
  • 47397 secunia.com · Third-Party Advisory http://secunia.com/advisories/47397
  • 47373 secunia.com · Third-Party Advisory http://secunia.com/advisories/47373
  • 47441 secunia.com · Third-Party Advisory http://secunia.com/advisories/47441
  • 47348 secunia.com · Third-Party Advisory http://secunia.com/advisories/47348
  • 18280 exploit-db.com · Exploit http://www.exploit-db.com/exploits/18280/
  • 78020 osvdb.org · VDB Entry http://osvdb.org/78020
  • 1026463 securitytracker.com · VDB Entry http://www.securitytracker.com/id?1026463
  • 1026460 securitytracker.com · VDB Entry http://www.securitytracker.com/id?1026460
  • multiple-telnetd-bo(71970) exchange.xforce.ibmcloud.com · VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
  • 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] archives.neohapsis.com · Mailing List http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
  • [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team lists.freebsd.org · Mailing List http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006...
  • [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team lists.freebsd.org · Mailing List http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006...
  • [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team lists.freebsd.org · Mailing List http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006...
  • [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team lists.freebsd.org · Mailing List http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006...
  • security.freebsd.org/patches/SA-11:08/telnetd.patch security.freebsd.org · CVE Record http://security.freebsd.org/patches/SA-11:08/telnetd.patch
  • git.savannah.gnu.org/cgit/inetutils.git/commit git.savannah.gnu.org · CVE Record http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd...
  • web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt web.mit.edu · CVE Record http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.