FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5-appl -- telnetd code execution vulnerability

Affected packages
7.3 <= FreeBSD < 7.3_9
7.4 <= FreeBSD < 7.4_5
8.1 <= FreeBSD < 8.1_7
8.2 <= FreeBSD < 8.2_5
krb5-appl < 1.0.2_1

Details

VuXML ID 4ddc78dc-300a-11e1-a2aa-0016ce01e285
Discovery 2011-12-23
Entry 2011-12-26
Modified 2012-01-29

The MIT Kerberos Team reports:

When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. Also see MITKRB5-SA-2011-008.
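The unvalidated-length copy described in the report, next to a length-checked version, as an added C example that is not code from krb5-appl, FreeBSD or the MIT advisory. The structure, the function names and the 64-byte buffer size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and sizes throughout; not taken from krb5-appl or FreeBSD. */
#define KEYID_MAX 64

struct key_slot {
    unsigned char keyid[KEYID_MAX];   /* fixed-size destination buffer */
    size_t keylen;
};

/* Pattern the report describes: the peer-supplied length is trusted as-is. */
void store_key_unchecked(struct key_slot *slot,
                         const unsigned char *data, size_t len)
{
    memcpy(slot->keyid, data, len);   /* writes past keyid when len > KEYID_MAX */
    slot->keylen = len;
}

/* Hardened form: validate the length first, reject and clear state on oversize. */
int store_key_checked(struct key_slot *slot,
                      const unsigned char *data, size_t len)
{
    if (slot == NULL || (data == NULL && len != 0))
        return -1;
    if (len > sizeof(slot->keyid)) {
        slot->keylen = 0;             /* do not keep a stale key after a bad message */
        return -1;
    }
    if (len != 0)
        memcpy(slot->keyid, data, len);
    slot->keylen = len;
    return 0;
}

int main(void)
{
    unsigned char wire[128];          /* constructed sample input */
    struct key_slot slot = {0};
    size_t sizes[] = {16, KEYID_MAX, KEYID_MAX + 1};

    memset(wire, 0xAA, sizeof wire);
    for (size_t i = 0; i < 3; i++)
        printf("len=%zu -> %d\n", sizes[i],
               store_key_checked(&slot, wire, sizes[i]));
    return 0;
}
```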

References

CVE Name CVE-2011-4862
FreeBSD Advisory SA-11:08.telnetd
URL http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc
URL http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt