10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through
9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier,
Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products
allows remote attackers to execute arbitrary code via a long encryption
key, as exploited in the wild in December 2011.
Author | Note |
---|---|
jdstrand | from DSA: “Kerberos support for telnetd contains a pre-authentication buffer overflow”. did not check if this is protected via stack-protector yet |
mdeslaur | all affected code is in universe binaries |