CVE-2011-4862

描述

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

受影響套件(7)

• Debian/heimdalfrom 0, < 1.4.0~git20100726.dfsg.1-2+squeeze1
• Debian/heimdalfrom 0, < 1.5.dfsg.1-1
• Debian/inetutilsfrom 0, < 2:1.8-6
• Debian/inetutilsfrom 0, < 2:1.6-3.1+squeeze1
• Debian/krb5from 0, < 1.8+dfsg~aa+r23527-1
• Debian/krb5from 0, < 1.6.dfsg.4~beta1-5lenny7
• Debian/krb5-applfrom 0, < 1:1.0.1-1.2

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4862