Home

CVE-2011-4862

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.585

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2011:1854) Critical: krb5-appl security update krb5-appl-clients-1.0.1-2.el6_1.3.i686.rpmLinux
(RHSA-2011:1854) Critical: krb5-appl security update krb5-appl-clients-1.0.1-2.el6_1.3.x86_64.rpmLinux
(RHSA-2011:1854) Critical: krb5-appl security update krb5-appl-servers-1.0.1-2.el6_1.3.i686.rpmLinux
(RHSA-2011:1854) Critical: krb5-appl security update krb5-appl-servers-1.0.1-2.el6_1.3.x86_64.rpmLinux
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability For Cisco IronPort Web Security Appliance SoftwareNCM
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability For Cisco IronPort Email Security Appliance SoftwareNCM
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability For Cisco IronPort Security Management Appliance SoftwareNCM
Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2011-4862)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706023Security Update for Cisco IronPort Web Security Appliance Software 9.1.2-010
PATCH-1706003Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131
PATCH-1706033Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234