CVE-2011-4862

EPSS 92.6%

inetutils - buffer overflow

Published: 12/25/2011Modified: 4/28/2026

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Affected packages (7)

Debian/heimdalfrom 0, < 1.4.0~git20100726.dfsg.1-2+squeeze1
Debian/heimdalfrom 0, < 1.5.dfsg.1-1
Debian/inetutilsfrom 0, < 2:1.8-6
Debian/inetutilsfrom 0, < 2:1.6-3.1+squeeze1
Debian/krb5from 0, < 1.8+dfsg~aa+r23527-1
Debian/krb5from 0, < 1.6.dfsg.4~beta1-5lenny7
Debian/krb5-applfrom 0, < 1:1.0.1-1.2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4862