CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-4862

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile6.17th
Published2011年12月25日
Last Modified2026年4月29日

Vulnerability Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Affected Platforms (CPE)

📦
Gnu

Inetutils

< 1.9
📦
Heimdal Project

Heimdal

<= 1.5.1
📦
Mit

Krb5 Appl

<= 1.0.2
💻
Freebsd

Freebsd

>= 7.3 and <= 9.0
💻
Fedoraproject

Fedora

= 15
💻
Fedoraproject

Fedora

= 16
💻
Debian

Debian Linux

= 5.0
💻
Debian

Debian Linux

= 6.0
💻
Debian

Debian Linux

= 7.0
💻
Opensuse

Opensuse

= 11.3
💻
Opensuse

Opensuse

= 11.4
💻
Suse

Linux Enterprise Desktop

= 10
💻
Suse

Linux Enterprise Desktop

= 11
💻
Suse

Linux Enterprise Server

= 9
💻
Suse

Linux Enterprise Server

= 10
💻
Suse

Linux Enterprise Server

= 10
💻
Suse

Linux Enterprise Server

= 10
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 10
💻
Suse

Linux Enterprise Software Development Kit

= 11

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
🔗 http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
🔗 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
🔗 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
🔗 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
🔗 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html

相關漏洞威脅

CVE-2004-14857.5

Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DN...

CVE-2021-404916.5

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the...

CVE-2011-262810.0

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause...

CVE-2011-007710.0

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before...