Release Date: Jan 19, 2012

Severity: critical

Impact: System Compromise: Remote attackers can gain control of vulnerable systems

Description: This indicates an attack attempt against a buffer overflow vulnerability in multiple products using libtelnet/encrypt.c in telnetd. The vulnerability is caused by an error when the software handles a specially crafted telnet request. It allows a remote attacker to execute arbitrary code.

Affected Products:
- FreeBSD 7.3 through 9.0
- MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier
- Heimdal 1.5.1 and earlier
- Red Hat Enterprise Linux 5 server
- Red Hat Enterprise Linux AS v4
- Red Hat Enterprise Linux Desktop v5 client
- Red Hat Enterprise Linux ES v4
- Red Hat Enterprise Linux WS v4
- Red Hat Desktop v4
- Red Hat Desktop Workstation v5 client

Recommended Actions: Apply the most recent upgrade or patch from the vendor, or refer to the vendor's website for a suggested workaround.
- FreeBSD: http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
- MIT Kerberos: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
- Heimdal: http://www.h5l.org/

Coverage: IPS, VCM

Common Vulnerabilities and Exposures (CVE): CVE-2011-4862

References: http://www.securityfocus.com/bid/51182 (BugTraq)