What is CVE-2011-4862?

CVE-2011-4862 is a vulnerability in Freebsd, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2011-12-25.

Is CVE-2011-4862 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Freebsd

CVE-2011-4862

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attack…

Vulnerability class: Buffer Overflow

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

Freebsd
Gnu Inetutils
Heimdal_project Heimdal
Mit Krb5-appl
Debian Debian_linux — versions 5.0, 6.0, 7.0
Fedoraproject Fedora — versions 15, 16
Opensuse — versions 11.3, 11.4
Suse Linux_enterprise_desktop — versions 10, 11
Suse Linux_enterprise_server — versions 9, 10, 11
Suse Linux_enterprise_software_development_kit — versions 10, 11

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

References

SUSE-SU-2012:0042 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
47399 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
DSA-2375 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
RHSA-2011:1854 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
SUSE-SU-2012:0018 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] (mailing-list, x_refsource_BUGTRAQ, Broken Link)
DSA-2372 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
47359 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
FEDORA-2011-17493 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team (Vendor Advisory, mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2011-4862?: CVE-2011-4862 is a vulnerability in Freebsd, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2011-12-25.
Is CVE-2011-4862 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.