Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
2011-12-25T01:55:02.210
2025-04-11T00:51:21.963
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnu | inetutils | < 1.9 | Yes |
| Application | heimdal_project | heimdal | ≤ 1.5.1 | Yes |
| Application | mit | krb5-appl | ≤ 1.0.2 | Yes |
| Operating System | freebsd | freebsd | ≤ 9.0 | Yes |
| Operating System | fedoraproject | fedora | 15 | Yes |
| Operating System | fedoraproject | fedora | 16 | Yes |
| Operating System | debian | debian_linux | 5.0 | Yes |
| Operating System | debian | debian_linux | 6.0 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | opensuse | opensuse | 11.3 | Yes |
| Operating System | opensuse | opensuse | 11.4 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 9 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 10 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11 | Yes |