Lucene search

PRIOn knowledge basePRION:CVE-2011-4862

HistoryDec 25, 2011 - 1:55 a.m.

Buffer overflow

2011-12-2501:55:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

CPENameOperatorVersion
debian_linuxeq5.0
debian_linuxeq7.0
debian_linuxeq6.0
fedoraeq16
fedoraeq15
freebsdge7.3
freebsdle9.0
inetutilslt1.9
heimdalle1.5.1
krb5-applle1.0.2

Name	Operator	Version
debian_linux	eq	5.0
debian_linux	eq	7.0
debian_linux	eq	6.0
fedora	eq	16
fedora	eq	15
freebsd	ge	7.3
freebsd	le	9.0
inetutils	lt	1.9
heimdal	le	1.5.1
krb5-appl	le	1.0.2

Rows per page:

1-10 of 221

References

archives.neohapsis.com/archives/bugtraq/2011-12/0172.html

git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592

lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html

lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html

lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html

lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html

osvdb.org/78020

secunia.com/advisories/46239

secunia.com/advisories/47341

secunia.com/advisories/47348

secunia.com/advisories/47357

secunia.com/advisories/47359

secunia.com/advisories/47373

secunia.com/advisories/47374

secunia.com/advisories/47397

secunia.com/advisories/47399

secunia.com/advisories/47441

security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc

security.freebsd.org/patches/SA-11:08/telnetd.patch

web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

www.debian.org/security/2011/dsa-2372

www.debian.org/security/2011/dsa-2373

www.debian.org/security/2011/dsa-2375

www.mandriva.com/security/advisories?name=MDVSA-2011:195

www.redhat.com/support/errata/RHSA-2011-1851.html

www.redhat.com/support/errata/RHSA-2011-1852.html

www.redhat.com/support/errata/RHSA-2011-1853.html

www.redhat.com/support/errata/RHSA-2011-1854.html

www.securitytracker.com/id?1026460

www.securitytracker.com/id?1026463

exchange.xforce.ibmcloud.com/vulnerabilities/71970

lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html

lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html

www.exploit-db.com/exploits/18280/

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for PRION:CVE-2011-4862