Search for vulnerabilities
Vulnerability details: VCID-7avt-gvth-aaan
Vulnerability ID VCID-7avt-gvth-aaan
Aliases CVE-2011-4862
Summary Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130 Improper Handling of Length Parameter Inconsistency
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4862.html
rhas Critical https://access.redhat.com/errata/RHSA-2011:1851
rhas Critical https://access.redhat.com/errata/RHSA-2011:1852
rhas Critical https://access.redhat.com/errata/RHSA-2011:1853
rhas Critical https://access.redhat.com/errata/RHSA-2011:1854
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.92585 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96257 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96257 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96697 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96697 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96697 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96745 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96745 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96745 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss 0.96745 https://api.first.org/data/v1/epss?cve=CVE-2011-4862
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=770325
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2011-4862
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
http://osvdb.org/78020
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4862.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json
https://api.first.org/data/v1/epss?cve=CVE-2011-4862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
http://secunia.com/advisories/46239
http://secunia.com/advisories/47341
http://secunia.com/advisories/47348
http://secunia.com/advisories/47357
http://secunia.com/advisories/47359
http://secunia.com/advisories/47373
http://secunia.com/advisories/47374
http://secunia.com/advisories/47397
http://secunia.com/advisories/47399
http://secunia.com/advisories/47441
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
http://www.debian.org/security/2011/dsa-2372
http://www.debian.org/security/2011/dsa-2373
http://www.debian.org/security/2011/dsa-2375
http://www.exploit-db.com/exploits/18280/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
http://www.redhat.com/support/errata/RHSA-2011-1851.html
http://www.redhat.com/support/errata/RHSA-2011-1852.html
http://www.redhat.com/support/errata/RHSA-2011-1853.html
http://www.redhat.com/support/errata/RHSA-2011-1854.html
http://www.securitytracker.com/id?1026460
http://www.securitytracker.com/id?1026463
654231 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654231
770325 https://bugzilla.redhat.com/show_bug.cgi?id=770325
cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*
cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
CVE-2011-4862 https://nvd.nist.gov/vuln/detail/CVE-2011-4862
CVE-2011-4862;OSVDB-78020 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb
CVE-2011-4862;OSVDB-78020 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c
CVE-2011-4862;OSVDB-78020 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb
GLSA-201201-14 https://security.gentoo.org/glsa/201201-14
GLSA-201202-05 https://security.gentoo.org/glsa/201202-05
RHSA-2011:1851 https://access.redhat.com/errata/RHSA-2011:1851
RHSA-2011:1852 https://access.redhat.com/errata/RHSA-2011:1852
RHSA-2011:1853 https://access.redhat.com/errata/RHSA-2011:1853
RHSA-2011:1854 https://access.redhat.com/errata/RHSA-2011:1854
Data source Metasploit
Description This module exploits a buffer overflow in the encryption option handler of the Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions use NetKit-derived telnet daemons, so this flaw only applies to a small subset of Linux systems running telnetd.
Note 
{}
Ransomware campaign use Unknown
Source publication date Dec. 23, 2011
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb
Data source Exploit-DB
Date added Dec. 26, 2011
Description TelnetD encrypt_keyid - Function Pointer Overwrite
Ransomware campaign use Known
Source publication date Dec. 26, 2011
Exploit type remote
Platform linux
Source update date Dec. 5, 2016
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4862
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99739
EPSS Score 0.92585
Published At April 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.