CVE-2011-4862
Published: 25 December 2011
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Notes
| Author | Note |
|---|---|
| jdstrand | from DSA: "Kerberos support for telnetd contains a pre-authentication buffer overflow". did not check if this is protected via stack-protector yet |
| mdeslaur | all affected code is in universe binaries |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
heimdal Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| upstream |
Released
(1.5.2)
|
|
| utopic |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| vivid |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| wily |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| xenial |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| yakkety |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
| zesty |
Not vulnerable
(1.6git20120311.dfsg.1-2)
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2372 |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
inetutils Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(2:1.8-6)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(2:1.8-6)
|
|
| upstream |
Released
(1.9)
|
|
| utopic |
Not vulnerable
(2:1.8-6)
|
|
| vivid |
Not vulnerable
(2:1.8-6)
|
|
| wily |
Not vulnerable
(2:1.8-6)
|
|
| xenial |
Not vulnerable
(2:1.8-6)
|
|
| yakkety |
Not vulnerable
(2:1.8-6)
|
|
| zesty |
Not vulnerable
(2:1.8-6)
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2373 |
||
|
krb5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Not vulnerable
(code not present)
|
|
| precise |
Not vulnerable
(code not present)
|
|
| quantal |
Not vulnerable
(code not present)
|
|
| raring |
Not vulnerable
(code not present)
|
|
| saucy |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(code not present)
|
|
| vivid |
Not vulnerable
(code not present)
|
|
| wily |
Not vulnerable
(code not present)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| yakkety |
Not vulnerable
(code not present)
|
|
| zesty |
Not vulnerable
(code not present)
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2375 |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
krb5-appl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2375 |
||