CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.972 High
EPSS Percentile: 99.8%
Added: 02/11/2012
CVE: CVE-2011-4862
BID: 51182
OSVDB: 78020
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection.
The flaw is caused by a boundary error within the “encrypt_keyid()” function (libtelnet/encrypt.c). It can be exploited to cause a buffer overflow via a long encryption key.
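The class of boundary error described above, shown as an added example that is not code from libtelnet, FreeBSD or krb5: a peer-supplied key ID is copied into a fixed-size buffer, first without and then with a length check. The struct layout, the function names and the 64-byte MAXKEYLEN are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXKEYLEN 64   /* assumed buffer size for this model */

/* Simplified stand-in for per-direction key state (hypothetical layout). */
struct key_info {
    unsigned char keyid[MAXKEYLEN];
    int keylen;
};

/* Unchecked pattern: trusts the peer-supplied length. Any len greater than
 * sizeof(kp->keyid) writes past the buffer. Shown for contrast only. */
void keyid_store_unchecked(struct key_info *kp,
                           const unsigned char *keyid, int len)
{
    kp->keylen = len;
    memcpy(kp->keyid, keyid, (size_t)len);
}

/* Checked form: validate the length before touching any state.
 * Returns 0 on success, -1 if the input is rejected. */
int keyid_store_checked(struct key_info *kp,
                        const unsigned char *keyid, int len)
{
    if (kp == NULL || len < 0 || (size_t)len > sizeof(kp->keyid))
        return -1;                  /* reject; the previous key ID is kept */
    if (len > 0 && keyid == NULL)
        return -1;
    if (len > 0)
        memcpy(kp->keyid, keyid, (size_t)len);
    kp->keylen = len;
    return 0;
}

int main(void)
{
    struct key_info ki = { {0}, 0 };
    unsigned char peer[MAXKEYLEN + 16];   /* constructed input */

    memset(peer, 0x5a, sizeof(peer));
    printf("exact fit: %d\n", keyid_store_checked(&ki, peer, MAXKEYLEN));
    printf("too long:  %d\n", keyid_store_checked(&ki, peer, (int)sizeof(peer)));
    return 0;
}
```

The checked form compares against sizeof(kp->keyid) rather than a separate constant, so the check stays correct if the buffer size changes.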
Apply the vendor-supplied patch for the target system or update FreeBSD/krb5.
<http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt>
<http://thexploit.com/secdev/a-textbook-buffer-overflow-a-look-at-the-freebsd-telnetd-code/>
This exploit has been tested against telnetd on FreeBSD 8.0, FreeBSD 8.2, NetBSD 5.1 and Debian 6.0.2 Heimdal Server 1.5.
FreeBSD 8.0
FreeBSD 8.1
FreeBSD 8.2
NetBSD 5.1
Linux / Debian