CVE-2011-4862

EXPLOITED IN THE WILD

GNU Inetutils < 1.9 - Buffer Overflow

Title source: rule

Description

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Exploits (10)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/18368
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotebsd
https://www.exploit-db.com/exploits/18369
exploitdb WORKING POC VERIFIED
by NighterMan & BatchDrake · cremotelinux
https://www.exploit-db.com/exploits/18280
nomisec WORKING POC 4 stars
by hdbreaker · remote
https://github.com/hdbreaker/GO-CVE-2011-4862
nomisec WRITEUP 1 stars
by appsecrani · poc
https://github.com/appsecrani/CVE-2011-4862
nomisec WRITEUP 1 stars
by kpawar2410 · poc
https://github.com/kpawar2410/CVE-2011-4862
nomisec WRITEUP
by lol-fi · poc
https://github.com/lol-fi/cve-2011-4862
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb
metasploit WORKING POC GREAT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb
metasploit WORKING POC GREAT
rubypocbsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb

References (42)

... and 22 more

Scores

EPSS 0.9258
EPSS Percentile 99.7%

Details

VulnCheck KEV 2011-12-23
InTheWild.io 2021-02-09
CWE
CWE-120
Status published
Products (18)
debian/debian_linux 5.0
debian/debian_linux 6.0
debian/debian_linux 7.0
fedoraproject/fedora 15
fedoraproject/fedora 16
freebsd/freebsd 7.3 - 9.0
gnu/inetutils < 1.9
heimdal_project/heimdal < 1.5.1
mit/krb5-appl < 1.0.2
opensuse/opensuse 11.3
... and 8 more
Published Dec 25, 2011
Tracked Since Feb 18, 2026