10.0
CRITICAL
CVE-2011-4862
FreeBSD telnetd Buffer Overflow Vulnerability
Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

INFO

Published Date :

Dec. 25, 2011, 1:55 a.m.

Last Modified :

Feb. 9, 2021, 2:48 p.m.

Remotely Exploitable :

Yes !

Impact Score :

10.0

Exploitability Score :

10.0
Public PoC/Exploit Available at Github

CVE-2011-4862 has a 9 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2011-4862 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Suse linux_enterprise_server
2 Suse linux_enterprise_desktop
3 Suse linux_enterprise_software_development_kit
1 Fedoraproject fedora
1 Debian debian_linux
1 Freebsd freebsd
1 Opensuse opensuse
1 Heimdal_project heimdal
1 Mit krb5-appl
1 Gnu inetutils
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2011-4862.

URL Resource
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html Broken Link
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html Third Party Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html Mailing List Third Party Advisory
http://osvdb.org/78020 Broken Link
http://secunia.com/advisories/46239 Third Party Advisory
http://secunia.com/advisories/47341 Third Party Advisory
http://secunia.com/advisories/47348 Third Party Advisory
http://secunia.com/advisories/47357 Third Party Advisory
http://secunia.com/advisories/47359 Third Party Advisory
http://secunia.com/advisories/47373 Third Party Advisory
http://secunia.com/advisories/47374 Third Party Advisory
http://secunia.com/advisories/47397 Third Party Advisory
http://secunia.com/advisories/47399 Third Party Advisory
http://secunia.com/advisories/47441 Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc Mitigation Vendor Advisory
http://security.freebsd.org/patches/SA-11:08/telnetd.patch Patch Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt Patch Vendor Advisory
http://www.debian.org/security/2011/dsa-2372 Third Party Advisory
http://www.debian.org/security/2011/dsa-2373 Third Party Advisory
http://www.debian.org/security/2011/dsa-2375 Third Party Advisory
http://www.exploit-db.com/exploits/18280/ Exploit Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1851.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1852.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1853.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1854.html Third Party Advisory
http://www.securitytracker.com/id?1026460 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1026463 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970 Third Party Advisory VDB Entry

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Imoro Umar Farouq's report on Internal Network Penetration Testing

Shell

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 12, 2024, 11:46 a.m. This repo has been linked 161 different CVEs too.

None

Updated: 6 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : May 6, 2024, 7:01 p.m. This repo has been linked 3 different CVEs too.

None

Shell

Updated: 2 months, 2 weeks ago
3 stars 2 fork 2 watcher
Born at : March 23, 2023, 4:32 a.m. This repo has been linked 435 different CVEs too.

None

C

Updated: 2 years ago
0 stars 1 fork 1 watcher
Born at : Dec. 13, 2020, 10:25 a.m. This repo has been linked 1 different CVEs too.

Final Project for Security and Privacy CS 600.443

C

Updated: 10 months ago
1 stars 0 fork 0 watcher
Born at : Feb. 6, 2020, 9:30 a.m. This repo has been linked 1 different CVEs too.

Localroot-ALL-CVE~

localroot cheatsheet security kernel linux exploits cve linux-privilege-escalation cybersecurity infosec pentesting

C Shell Python Ruby Makefile HTML Perl Batchfile

Updated: 2 months, 3 weeks ago
123 stars 46 fork 46 watcher
Born at : Feb. 2, 2020, 6:25 a.m. This repo has been linked 93 different CVEs too.

Localroot Compile

C Shell Python

Updated: 3 months, 1 week ago
24 stars 24 fork 24 watcher
Born at : Aug. 1, 2019, 11:25 a.m. This repo has been linked 31 different CVEs too.

None

Updated: 5 years, 11 months ago
0 stars 0 fork 0 watcher
Born at : Nov. 28, 2018, 9:13 p.m. This repo has been linked 1 different CVEs too.

Go Exploit for CVE-2011-4862

Makefile Go

Updated: 9 months, 3 weeks ago
4 stars 3 fork 3 watcher
Born at : Feb. 2, 2017, 6:12 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2011-4862 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2011-4862 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Feb. 09, 2021

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:gnu:inetutils:-:*:*:*:*:*:*:* *cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* versions up to (including) 1.5.1 *cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:* versions up to (including) 1.0.2 *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from (including) 7.3 up to (including) 9.0 OR *cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:* versions up to (excluding) 1.9 *cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* versions up to (including) 1.5.1 *cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:* versions up to (including) 1.0.2 *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from (including) 7.3 up to (including) 9.0
  • Modified Analysis by [email protected]

    Feb. 03, 2021

    Action Type Old Value New Value
    Changed Reference Type http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html No Types Assigned http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html Broken Link
    Changed Reference Type http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 No Types Assigned http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 Patch, Third Party Advisory
    Changed Reference Type http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html No Types Assigned http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html Third Party Advisory
    Changed Reference Type http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html No Types Assigned http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html Mailing List, Third Party Advisory
    Changed Reference Type http://osvdb.org/78020 No Types Assigned http://osvdb.org/78020 Broken Link
    Changed Reference Type http://secunia.com/advisories/46239 No Types Assigned http://secunia.com/advisories/46239 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47341 No Types Assigned http://secunia.com/advisories/47341 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47348 No Types Assigned http://secunia.com/advisories/47348 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47357 No Types Assigned http://secunia.com/advisories/47357 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47359 No Types Assigned http://secunia.com/advisories/47359 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47373 No Types Assigned http://secunia.com/advisories/47373 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47374 No Types Assigned http://secunia.com/advisories/47374 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47397 No Types Assigned http://secunia.com/advisories/47397 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47399 No Types Assigned http://secunia.com/advisories/47399 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/47441 No Types Assigned http://secunia.com/advisories/47441 Third Party Advisory
    Changed Reference Type http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc Vendor Advisory http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc Mitigation, Vendor Advisory
    Changed Reference Type http://security.freebsd.org/patches/SA-11:08/telnetd.patch Vendor Advisory http://security.freebsd.org/patches/SA-11:08/telnetd.patch Patch, Vendor Advisory
    Changed Reference Type http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt No Types Assigned http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt Patch, Vendor Advisory
    Changed Reference Type http://www.debian.org/security/2011/dsa-2372 No Types Assigned http://www.debian.org/security/2011/dsa-2372 Third Party Advisory
    Changed Reference Type http://www.debian.org/security/2011/dsa-2373 No Types Assigned http://www.debian.org/security/2011/dsa-2373 Third Party Advisory
    Changed Reference Type http://www.debian.org/security/2011/dsa-2375 No Types Assigned http://www.debian.org/security/2011/dsa-2375 Third Party Advisory
    Changed Reference Type http://www.exploit-db.com/exploits/18280/ No Types Assigned http://www.exploit-db.com/exploits/18280/ Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://www.mandriva.com/security/advisories?name=MDVSA-2011:195 No Types Assigned http://www.mandriva.com/security/advisories?name=MDVSA-2011:195 Third Party Advisory
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2011-1851.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2011-1851.html Third Party Advisory
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2011-1852.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2011-1852.html Third Party Advisory
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2011-1853.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2011-1853.html Third Party Advisory
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2011-1854.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2011-1854.html Third Party Advisory
    Changed Reference Type http://www.securitytracker.com/id?1026460 No Types Assigned http://www.securitytracker.com/id?1026460 Third Party Advisory, VDB Entry
    Changed Reference Type http://www.securitytracker.com/id?1026463 No Types Assigned http://www.securitytracker.com/id?1026463 Third Party Advisory, VDB Entry
    Changed Reference Type https://exchange.xforce.ibmcloud.com/vulnerabilities/71970 No Types Assigned https://exchange.xforce.ibmcloud.com/vulnerabilities/71970 Third Party Advisory, VDB Entry
    Removed CWE NIST CWE-119
    Added CWE NIST CWE-120
    Changed CPE Configuration OR *cpe:2.3:a:h5l:heimdal:*:*:*:*:*:*:*:* versions up to (including) 1.5.1 *cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:* versions up to (including) 1.02 *cpe:2.3:o:freebsd:freebsd:7.3:*:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:* OR *cpe:2.3:a:gnu:inetutils:-:*:*:*:*:*:*:* *cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* versions up to (including) 1.5.1 *cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:* versions up to (including) 1.0.2 *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from (including) 7.3 up to (including) 9.0
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* *cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:* *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* *cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:* *cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Aug. 29, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/71970 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/71970 [No Types Assigned]
  • Initial Analysis by [email protected]

    Dec. 26, 2011

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2011-4862 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

96.74 }} 0.05%

score

0.99720

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability