CVE-2011-4862

EXPLOITED IN THE WILD

GNU Inetutils < 1.9 - Buffer Overflow

Title source: rule

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Exploits (10)

nomisec WORKING POC 4 stars
by hdbreaker · remote
https://github.com/hdbreaker/GO-CVE-2011-4862
nomisec WRITEUP 1 stars
by kpawar2410 · poc
https://github.com/kpawar2410/CVE-2011-4862
nomisec WRITEUP 1 stars
by appsecrani · poc
https://github.com/appsecrani/CVE-2011-4862
nomisec WRITEUP
by lol-fi · poc
https://github.com/lol-fi/cve-2011-4862
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotebsd
https://www.exploit-db.com/exploits/18369
metasploit WORKING POC GREAT
rubypocbsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb
exploitdb WORKING POC VERIFIED
by NighterMan & BatchDrake · cremotelinux
https://www.exploit-db.com/exploits/18280
metasploit WORKING POC GREAT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/18368
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb

References (42)

... and 22 more

Scores

EPSS 0.9258
EPSS Percentile 99.7%

Exploitation Intel

VulnCheck KEV 2011-12-23
InTheWild.io 2021-02-09

Classification

CWE
CWE-120
Status draft

Affected Products (21)

gnu/inetutils < 1.9
heimdal_project/heimdal < 1.5.1
mit/krb5-appl < 1.0.2
freebsd/freebsd < 9.0
fedoraproject/fedora
fedoraproject/fedora
debian/debian_linux
debian/debian_linux
debian/debian_linux
opensuse/opensuse
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
... and 6 more

Timeline

Published Dec 25, 2011
Tracked Since Feb 18, 2026