CVE-2011-4862
CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Affected products
n/a · n/apublic PoCs found — 7
githubgithub.com/hdbreaker/GO-CVE-2011-4862★ 4githubgithub.com/appsecrani/CVE-2011-4862★ 1githubgithub.com/lol-fi/cve-2011-4862★ 0cve_referencewww.exploit-db.com/exploits/18280/unverifiedexploitdbwww.exploit-db.com/exploits/18369unverifiedexploitdbwww.exploit-db.com/exploits/18368unverifiedexploitdbwww.exploit-db.com/exploits/18280unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.htmlhttp://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.htmlhttp://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.htmlhttp://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.htmlhttp://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.htmlhttp://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html