CVE-2011-4862

Name: CVE-2011-4862
Creator: NVD / NIST
Published: 2011-12-25T01:55:02.21+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 95.10%

Last modified Jun 16, 2026

CVE-2011-4862 is a vulnerability of currently unknown severity. Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.. EPSS estimates a 95.10% chance of exploitation in the next 30 days.

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Metrics

EPSS Probability

95.10%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions	Update
Gnu	Inetutils	< 1.9	—
Heimdal Project	Heimdal	<= 1.5.1	—
Mit	Krb5-Appl	<= 1.0.2	—
Freebsd	Freebsd	>= 7.3, <= 9.0	—
Fedoraproject	Fedora	15	—
Fedoraproject	Fedora	16	—
Debian	Debian Linux	5.0	—
Debian	Debian Linux	6.0	—
Debian	Debian Linux	7.0	—
Opensuse	Opensuse	11.3	—
Opensuse	Opensuse	11.4	—
Suse	Linux Enterprise Desktop	10	Sp4
Suse	Linux Enterprise Desktop	11	Sp1
Suse	Linux Enterprise Server	9	—
Suse	Linux Enterprise Server	10	Sp2
Suse	Linux Enterprise Server	11	Sp1
Suse	Linux Enterprise Software Development Kit	10	Sp4
Suse	Linux Enterprise Software Development Kit	11	Sp1

References

http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.htmlBroken Link
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592Patch, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.htmlThird Party Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.htmlMailing List, Third Party Advisory
http://osvdb.org/78020Broken Link
http://secunia.com/advisories/46239Third Party Advisory
http://secunia.com/advisories/47341Third Party Advisory
http://secunia.com/advisories/47348Third Party Advisory
http://secunia.com/advisories/47357Third Party Advisory
http://secunia.com/advisories/47359Third Party Advisory
http://secunia.com/advisories/47373Third Party Advisory
http://secunia.com/advisories/47374Third Party Advisory
http://secunia.com/advisories/47397Third Party Advisory
http://secunia.com/advisories/47399Third Party Advisory
http://secunia.com/advisories/47441Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.ascMitigation, Vendor Advisory
http://security.freebsd.org/patches/SA-11:08/telnetd.patchPatch, Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txtPatch, Vendor Advisory
http://www.debian.org/security/2011/dsa-2372Third Party Advisory
http://www.debian.org/security/2011/dsa-2373Third Party Advisory
http://www.debian.org/security/2011/dsa-2375Third Party Advisory
http://www.exploit-db.com/exploits/18280/Exploit, Third Party Advisory, VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1851.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1852.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1853.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1854.htmlThird Party Advisory
http://www.securitytracker.com/id?1026460Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026463Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970Third Party Advisory, VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.htmlBroken Link
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592Patch, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.htmlThird Party Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.htmlVendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.htmlMailing List, Third Party Advisory
http://osvdb.org/78020Broken Link
http://secunia.com/advisories/46239Third Party Advisory
http://secunia.com/advisories/47341Third Party Advisory
http://secunia.com/advisories/47348Third Party Advisory
http://secunia.com/advisories/47357Third Party Advisory
http://secunia.com/advisories/47359Third Party Advisory
http://secunia.com/advisories/47373Third Party Advisory
http://secunia.com/advisories/47374Third Party Advisory
http://secunia.com/advisories/47397Third Party Advisory
http://secunia.com/advisories/47399Third Party Advisory
http://secunia.com/advisories/47441Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.ascMitigation, Vendor Advisory
http://security.freebsd.org/patches/SA-11:08/telnetd.patchPatch, Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txtPatch, Vendor Advisory
http://www.debian.org/security/2011/dsa-2372Third Party Advisory
http://www.debian.org/security/2011/dsa-2373Third Party Advisory
http://www.debian.org/security/2011/dsa-2375Third Party Advisory
http://www.exploit-db.com/exploits/18280/Exploit, Third Party Advisory, VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1851.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1852.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1853.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1854.htmlThird Party Advisory
http://www.securitytracker.com/id?1026460Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026463Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970Third Party Advisory, VDB Entry

Timeline

Published: Dec 25, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4862?

How severe is CVE-2011-4862?

Severity scoring for CVE-2011-4862 is pending analysis. The EPSS model estimates a 95.10% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4862?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4862?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST