National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-4862)

National Cyber Awareness System

Vulnerability Summary for CVE-2011-4862

Original release date:12/25/2011

Last revised:11/06/2012

Source: US-CERT/NIST

Overview

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: multiple-telnetd-bo(71970)

Hyperlink:http://xforce.iss.net/xforce/xfdb/71970

External Source: SECTRACK

Name: 1026463

Hyperlink:http://www.securitytracker.com/id?1026463

External Source: SECTRACK

Name: 1026460

Hyperlink:http://www.securitytracker.com/id?1026460

External Source: REDHAT

Name: RHSA-2011:1854

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1854.html

External Source: REDHAT

Name: RHSA-2011:1853

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1853.html

External Source: REDHAT

Name: RHSA-2011:1852

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1852.html

External Source: REDHAT

Name: RHSA-2011:1851

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1851.html

External Source: MANDRIVA

Name: MDVSA-2011:195

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:195

External Source: EXPLOIT-DB

Name: 18280

Hyperlink:http://www.exploit-db.com/exploits/18280/

External Source: DEBIAN

Name: DSA-2375

Hyperlink:http://www.debian.org/security/2011/dsa-2375

External Source: DEBIAN

Name: DSA-2373

Hyperlink:http://www.debian.org/security/2011/dsa-2373

External Source: DEBIAN

Name: DSA-2372

Hyperlink:http://www.debian.org/security/2011/dsa-2372

External Source: CONFIRM

Name: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

Hyperlink:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

External Source: CONFIRM

Name: http://security.freebsd.org/patches/SA-11:08/telnetd.patch

Type: Advisory

Hyperlink:http://security.freebsd.org/patches/SA-11:08/telnetd.patch

External Source: FREEBSD

Name: FreeBSD-SA-11:08

Type: Advisory

Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc

External Source: SECUNIA

Name: 47441

Hyperlink:http://secunia.com/advisories/47441

External Source: SECUNIA

Name: 47399

Hyperlink:http://secunia.com/advisories/47399

External Source: SECUNIA

Name: 47397

Hyperlink:http://secunia.com/advisories/47397

External Source: SECUNIA

Name: 47374

Hyperlink:http://secunia.com/advisories/47374

External Source: SECUNIA

Name: 47373

Hyperlink:http://secunia.com/advisories/47373

External Source: SECUNIA

Name: 47359

Hyperlink:http://secunia.com/advisories/47359

External Source: SECUNIA

Name: 47357

Hyperlink:http://secunia.com/advisories/47357

External Source: SECUNIA

Name: 47348

Hyperlink:http://secunia.com/advisories/47348

External Source: SECUNIA

Name: 47341

Hyperlink:http://secunia.com/advisories/47341

External Source: SECUNIA

Name: 46239

Hyperlink:http://secunia.com/advisories/46239

External Source: OSVDB

Name: 78020

Hyperlink:http://osvdb.org/78020

External Source: SUSE

Name: SUSE-SU-2012:0056

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html

External Source: SUSE

Name: openSUSE-SU-2012:0051

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

External Source: SUSE

Name: SUSE-SU-2012:0050

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

External Source: SUSE

Name: SUSE-SU-2012:0042

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

External Source: SUSE

Name: SUSE-SU-2012:0024

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html

External Source: SUSE

Name: openSUSE-SU-2012:0019

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

External Source: SUSE

Name: SUSE-SU-2012:0018

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

External Source: SUSE

Name: SUSE-SU-2012:0010

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

External Source: MLIST

Name: [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team

Type: Advisory

Hyperlink:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html

External Source: MLIST

Name: [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team

Type: Advisory

Hyperlink:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html

External Source: MLIST

Name: [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team

Type: Advisory

Hyperlink:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html

External Source: MLIST

Name: [freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team

Type: Advisory

Hyperlink:http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html

External Source: FEDORA

Name: FEDORA-2011-17493

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html

External Source: FEDORA

Name: FEDORA-2011-17492

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html

External Source: CONFIRM

Name: http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592

Hyperlink:http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592

External Source: BUGTRAQ

Name: 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html

Vulnerable software and versions

Configuration 1

* cpe:/o:freebsd:freebsd:7.3

* cpe:/o:freebsd:freebsd:8.1

* cpe:/o:freebsd:freebsd:8.2

* cpe:/o:freebsd:freebsd:9.0

* cpe:/o:freebsd:freebsd:8.0

* cpe:/a:h5l:heimdal:1.5.1 and previous versions

* cpe:/a:mit:krb5-appl:1.02 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862