Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Information
Published : 2011-12-24 17:55
Updated : 2021-02-09 06:48
NVD link : CVE-2011-4862
Mitre link : CVE-2011-4862
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Products Affected
suse
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
- linux_enterprise_server
mit
- krb5-appl
freebsd
- freebsd
fedoraproject
- fedora
gnu
- inetutils
heimdal_project
- heimdal
debian
- debian_linux
opensuse
- opensuse