Buffer Overflow Affecting inetutils package, versions <2:1.8-6
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-INETUTILS-280373
- published 25 Dec 2011
- disclosed 25 Dec 2011
Introduced: 25 Dec 2011
CVE-2011-4862 Open this link in a new tabHow to fix?
Upgrade Debian:8
inetutils
to version 2:1.8-6 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream inetutils
package and not the inetutils
package as distributed by Debian
.
See How to fix?
for Debian:8
relevant fixed versions and status.
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
References
- ADVISORY
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Advisory
- Exploit DB
- Fedora Security Announcement
- Fedora Security Announcement
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
- http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
- http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
- http://osvdb.org/78020
- http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
- http://security.freebsd.org/patches/SA-11:08/telnetd.patch
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Security Tracker
- Security Tracker
- X-force Vulnerability Report
- secteam@freebsd.org
- secteam@freebsd.org
- secteam@freebsd.org
- secteam@freebsd.org
- secteam@freebsd.org
- Exploit DB