Buffer Overflow in telnetd Affects FreeBSD and MIT Kerberos
CVE-2011-4862

Currently unrated

Key Information:

Vendor

Mit

Status
Krb5-appl
FreeBSD
Heimdal
Inetutils
Vendor
CVE Published:
25 December 2011

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 92%

What is CVE-2011-4862?

A buffer overflow vulnerability in the encryption component of telnetd allows remote attackers to execute arbitrary code on affected systems by sending a carefully crafted long encryption key. This issue affects multiple versions of FreeBSD and MIT Kerberos applications, enabling potential exploitation by malicious actors to compromise system security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-4862 - Proof of Concept

Metasploit exploit module for CVE-2011-4862
Created by Rapid7

Metasploit exploit module for CVE-2011-4862
Created by Rapid7

References

http://lists.opensuse.org/opensuse-security-announce/2012...
vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/47399
third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2375
vendor-advisoryx_refsource_DEBIAN

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.