CVE-2011-4862

EPSS 95.1%
Vexday Risk Score
60 Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS · EPSS 95.1% · KEV no · Public PoC · Nuclei · Metasploit yes · Patch referenced
Lifecycle
23 Dec 2011 · Metasploit module available
25 Dec 2011 · Published on NVD
26 Dec 2011 · Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.