An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client, or cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Heimdal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-crypt/heimdal-1.5.1-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-crypt/heimdal< 1.5.1-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-crypt/heimdal	< 1.5.1-r1	UNKNOWN

nessus 31

prion 1

openvas 40

seebug 1

veracode 1

saint 4

packetstorm 4

debian 3

ubuntucve 1

cve 1

redhat 4

zdt 1

oraclelinux 3

securityvulns 5

suse 8

debiancve 1

freebsd 1

centos 2

freebsd_advisory 1

checkpoint_advisories 1

fedora 2

cisco 1

gentoo 1

vmware 2

nessus

RHEL 5 : krb5 (RHSA-2011:1853)

2013-01-24 00:00:00

RHEL 6 : krb5-appl (RHSA-2011:1852)

2011-12-28 00:00:00

Cisco Content Security Management Appliance Telnet Remote Code Execution (cisco-sa-20120126-ironport)

2014-11-17 00:00:00

prion

Buffer overflow

2011-12-25 01:55:00

openvas

RedHat Update for krb5-appl RHSA-2011:1852-02

2012-07-09 00:00:00

RedHat Update for krb5 RHSA-2011:1851-01

2011-12-30 00:00:00

CentOS Update for krb5-devel CESA-2011:1851 centos4

2012-07-30 00:00:00

seebug

FreeBSD 'telnetd'守护进程远程缓冲区溢出漏洞

2011-12-26 00:00:00

veracode

Denial Of Service (DoS)

2020-04-10 01:05:32

saint

Telnetd Encryption Key ID Code Execution

2012-02-11 00:00:00

Telnetd Encryption Key ID Code Execution

2012-02-11 00:00:00

Telnetd Encryption Key ID Code Execution

2012-02-11 00:00:00

packetstorm

FreeBSD telnetd Remote Root

2012-01-16 00:00:00

FreeBSD Telnet Service Encyption Key ID Buffer Overflow

2011-12-28 00:00:00

Linux BSD-derived Telnet Service Encyption Key ID Buffer Overflow

2011-12-28 00:00:00

debian

[SECURITY] [DSA 2375-1] krb5. krb5-appl security update

2011-12-26 13:18:10

[SECURITY] [DSA 2373-1] inetutils security update

2011-12-25 17:15:34

[SECURITY] [DSA 2372-1] heimdal security update

2011-12-25 17:14:18

ubuntucve

CVE-2011-4862

2011-12-25 00:00:00

cve

CVE-2011-4862

2011-12-25 01:55:00

redhat

(RHSA-2011:1851) Critical: krb5 security update

2011-12-27 00:00:00

(RHSA-2011:1853) Critical: krb5 security update

2011-12-28 00:00:00

(RHSA-2011:1852) Critical: krb5-appl security update

2011-12-27 00:00:00

zdt

Cisco Ironport WSA telnetd Remote Code Execution Vulnerability

2014-10-24 00:00:00

oraclelinux

krb5-appl security update

2011-12-27 00:00:00

krb5 security update

2011-12-27 00:00:00

krb5 security and bug fix update

2012-03-01 00:00:00

securityvulns

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

2012-01-02 00:00:00

MIT / FreeBSD / Cisco telnetd buffer overflow

2012-01-30 00:00:00

FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd

2012-01-02 00:00:00

suse

Security update for heimdal (important)

2012-01-05 12:08:59

Security update for heimdal (important)

2012-01-05 12:36:30

Security update for Kerberos 5 (important)

2012-01-05 12:36:16

debiancve

CVE-2011-4862

2011-12-25 01:55:00

freebsd

krb5-appl -- telnetd code execution vulnerability

2011-12-23 00:00:00

centos

krb5 security update

2011-12-27 20:44:52

krb5 security update

2011-12-27 21:11:42

freebsd_advisory

FreeBSD-SA-11:08.telnetd

2011-12-23 00:00:00

checkpoint_advisories

Multiple Vendors BSD telnetd Encryption Key Buffer Overflow (CVE-2011-4862)

2012-05-14 00:00:00

fedora

[SECURITY] Fedora 16 Update: krb5-appl-1.0.2-2.fc16

2012-01-05 21:03:02

[SECURITY] Fedora 15 Update: krb5-appl-1.0.1-8.fc15

2012-01-05 20:57:26

cisco

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

2012-01-26 17:00:00

gentoo

MIT Kerberos 5 Applications: Multiple vulnerabilities

2012-01-23 00:00:00

vmware

VMware ESXi and ESX address several security issues

2012-03-29 00:00:00

VMware ESXi and ESX address several security issues

2012-03-29 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for GLSA-201202-05