SUMMARY
=======

The telnet daemon (telnetd) in MIT krb5 (and in krb5-appl after the applications were moved to a separate distribution for krb5-1.8) is vulnerable to a buffer overflow. The flaw does not require authentication to exploit. Exploit code is reported to be actively used in the wild.

IMPACT
======

An unauthenticated remote attacker can cause a buffer overflow and probably execute arbitrary code with the privileges of the telnet daemon (normally root).

Reproducible: Always
+*mit-krb5-appl-1.0.2-r1 (26 Dec 2011) + + 26 Dec 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.2-r1.ebuild, + +files/CVE-2011-4862.patch: + security bump - bug #396137 + @security: Please stabilize =app-crypt/mit-krb5-appl-1.0.2-r1. Thank you.
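Review bot: the message line of the new ChangeLog entry says only "security bump - bug #396137", so what was fixed has to be inferred from the patch file name. Stating it in the message (for example, that files/CVE-2011-4862.patch addresses the telnetd buffer overflow) would make the entry readable without opening the bug.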
Thanks Eray.

Arches, please test and mark stable:
=app-crypt/mit-krb5-appl-1.0.2-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
@Eras, missing sys-libs/e2fsprogs-libs and sys-libs/ncurses as RDEPEND. amd64 stable
(In reply to comment #3)
> @Eras, missing sys-libs/e2fsprogs-libs and sys-libs/ncurses as RDEPEND.

Indeed. Added. Thank you.
ppc/ppc64 done
Stable for HPPA.
CVE-2011-4862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862): Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
x86 stable
alpha/arm/ia64/m68k/s390/sh/sparc stable
Thanks, everyone. Filed GLSA request.
This issue was resolved and addressed in GLSA 201201-14 at http://security.gentoo.org/glsa/glsa-201201-14.xml by GLSA coordinator Sean Amoss (ackle).