Lucene search
RootSSV:26112HistoryDec 26, 2011 - 12:00 a.m.
FreeBSD 'telnetd'守护进程远程缓冲区溢出漏洞
2011-12-2600:00:00
Root
www.seebug.org
145
0.968 High
EPSS
Percentile
99.7%
Bugtraq ID: 51182
CVE ID:CVE-2011-4862
FreeBSD是一款基于BSD的操作系统。
FreeBSD Telnet协议有一个对数据流进行加密的机制(但其加密性不强,不能在任何关键性安全应用上使用)
当通过TELNET协议提供加密密钥时,在拷贝密钥到固定缓冲区时没有对其长度进行校验,可触发缓冲区溢出。能连接telnetd守护程序的攻击者可以以守护进程上下文执行任意代码
0
Freebsd 9.0-STABLE
Freebsd 9.0-RELEASE
Freebsd 9.0-RC3
Freebsd 9.0-RC1
Freebsd 8.2-STABLE
Freebsd 8.2-STABLE
Freebsd 8.2-RELEASE-p2
Freebsd 8.2-RELEASE-p1
Freebsd 8.2 - RELEASE -p3
Freebsd 8.2
Freebsd 8.1-RELEASE-p5
Freebsd 8.1-RELEASE-p4
FreeBSD 8.1-RELEASE
FreeBSD 8.1-PRERELEASE
Freebsd 8.1
Freebsd 7.4-STABLE
Freebsd 7.4-RELEASE-p2
Freebsd 7.4 -RELEASE-p3
Freebsd 7.4
FreeBSD 7.3-STABLE
Freebsd 7.3-RELEASE-p6
FreeBSD 7.3-RELEASE-p1
Freebsd 7.3 - RELEASE - p7
Freebsd 7.3
厂商解决方案
freebsd
用户可参考如下供应商提供的安全公告获得补丁:
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
Related
oraclelinux
oraclelinux
krb5-appl security update
2011-12-27 00:00:00
krb5 security update
2011-12-27 00:00:00
krb5 security and bug fix update
2012-03-01 00:00:00
redhat
redhat
(RHSA-2011:1851) Critical: krb5 security update
2011-12-27 00:00:00
(RHSA-2011:1853) Critical: krb5 security update
2011-12-28 00:00:00
(RHSA-2011:1852) Critical: krb5-appl security update
2011-12-27 00:00:00
nessus
nessus
RHEL 6 : krb5-appl (RHSA-2011:1854)
2013-01-24 00:00:00
Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:195)
2011-12-29 00:00:00
zdt
zdt
Cisco Ironport WSA telnetd Remote Code Execution Vulnerability
2014-10-24 00:00:00
packetstorm
packetstorm
Linux BSD-derived Telnet Service Encyption Key ID Buffer Overflow
2011-12-28 00:00:00
FreeBSD Telnet Service Encyption Key ID Buffer Overflow
2011-12-28 00:00:00
FreeBSD telnetd Remote Root
2012-01-16 00:00:00
openvas
openvas
CentOS Update for krb5-devel CESA-2011:1851 centos5
2012-07-30 00:00:00
FreeBSD Ports: krb5-appl
2012-02-13 00:00:00
Fedora Update for krb5-appl FEDORA-2011-17493
2012-03-19 00:00:00
securityvulns
securityvulns
MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]
2012-01-02 00:00:00
MIT / FreeBSD / Cisco telnetd buffer overflow
2012-01-30 00:00:00
FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd
2012-01-02 00:00:00
nvd
nvd
CVE-2011-4862
2011-12-25 01:55:02
freebsd
freebsd
krb5-appl -- telnetd code execution vulnerability
2011-12-23 00:00:00
suse
suse
Security update for heimdal (important)
2012-01-05 12:08:59
Security update for heimdal (important)
2012-01-05 12:36:30
krb5-appl: Fixed remote buffer overflow in ktelnetd (important)
2012-01-05 12:36:18
centos
centos
krb5 security update
2011-12-27 20:44:52
krb5 security update
2011-12-27 21:11:42
debian
debian
[SECURITY] [DSA 2372-1] heimdal security update
2011-12-25 17:14:18
[SECURITY] [DSA 2373-1] inetutils security update
2011-12-25 17:15:34
[SECURITY] [DSA 2375-1] krb5. krb5-appl security update
2011-12-26 13:18:10
debiancve
debiancve
CVE-2011-4862
2011-12-25 01:55:02
saint
saint
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-11:08.telnetd
2011-12-23 00:00:00
cve
cve
CVE-2011-4862
2011-12-25 01:55:02
gentoo
gentoo
Heimdal: Arbitrary code execution
2012-02-22 00:00:00
MIT Kerberos 5 Applications: Multiple vulnerabilities
2012-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2011-4862
2011-12-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:05:32
prion
prion
Buffer overflow
2011-12-25 01:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: krb5-appl-1.0.2-2.fc16
2012-01-05 21:03:02
[SECURITY] Fedora 15 Update: krb5-appl-1.0.1-8.fc15
2012-01-05 20:57:26
checkpoint_advisories
checkpoint_advisories
Multiple Vendors BSD telnetd Encryption Key Buffer Overflow (CVE-2011-4862)
2012-05-14 00:00:00
cisco
cisco
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
2012-01-26 17:00:00
cvelist
cvelist
CVE-2011-4862
2011-12-25 01:00:00
vmware
vmware
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00