CVE-2011-4862

Severity: CRITICAL
CVSS Severity Score: 10.0
EPSS Score: 0.1080%
EPSS Percentile: 6.17th
Published: Dec 25, 2011
Last Modified: Apr 29, 2026

Vulnerability Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Affected Platforms (CPE)

Vendor | Product | Version
Gnu | Inetutils | < 1.9
Heimdal Project | Heimdal | <= 1.5.1
Mit | Krb5 Appl | <= 1.0.2
Freebsd | Freebsd | >= 7.3 and <= 9.0
Fedoraproject | Fedora | = 15
Fedoraproject | Fedora | = 16
Debian | Debian Linux | = 5.0
Debian | Debian Linux | = 6.0
Debian | Debian Linux | = 7.0
Opensuse | Opensuse | = 11.3
Opensuse | Opensuse | = 11.4
Suse | Linux Enterprise Desktop | = 10
Suse | Linux Enterprise Desktop | = 11
Suse | Linux Enterprise Server | = 9
Suse | Linux Enterprise Server | = 10
Suse | Linux Enterprise Server | = 10
Suse | Linux Enterprise Server | = 10
Suse | Linux Enterprise Server | = 11
Suse | Linux Enterprise Server | = 11
Suse | Linux Enterprise Software Development Kit | = 10
Suse | Linux Enterprise Software Development Kit | = 11
