PT-2011-5210 · Mit+3 · Krb5-Server+14
Published 1970-01-01 · Updated 2025-08-10
CVE-2011-4862
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
krb5-appl-clients version 1.0.1
krb5-devel versions 1.2.7 through 1.6.1
krb5 version 1.6.1
krb5-devel-64bit (affected versions not specified)
krb5-workstation versions 1.2.7 through 1.6.1
krb5-libs versions 1.2.7 through 1.6.1
krb5-appl (affected versions not specified)
krb5-appl-servers version 1.0.1
krb5-64bit (affected versions not specified)
krb5-server versions 1.2.7 through 1.6.1
krb5-server-ldap version 1.6.1
Description
The issue may lead to a disruption of confidentiality, integrity, and availability of protected information. It can be exploited remotely. A buffer overflow in libtelnet/encrypt.c in telnetd allows remote attackers to execute arbitrary code via a long encryption key.
Recommendations
For krb5-appl-clients version 1.0.1, update to a version that is not affected by this issue.
For krb5-devel versions 1.2.7 through 1.6.1, update to a version that is not affected by this issue.
For krb5 version 1.6.1, update to a version that is not affected by this issue.
For krb5-devel-64bit, update to a version that is not affected by this issue.
For krb5-workstation versions 1.2.7 through 1.6.1, update to a version that is not affected by this issue.
For krb5-libs versions 1.2.7 through 1.6.1, update to a version that is not affected by this issue.
For krb5-appl, update to a version that is not affected by this issue.
For krb5-appl-servers version 1.0.1, update to a version that is not affected by this issue.
For krb5-64bit, update to a version that is not affected by this issue.
For krb5-server versions 1.2.7 through 1.6.1, update to a version that is not affected by this issue.
For krb5-server-ldap version 1.6.1, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.
Exploit
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Red Hat
Suse
Krb5
Krb5-64Bit
Krb5-Appl
Krb5-Appl-Clients
Krb5-Appl-Servers
Krb5-Devel
Krb5-Devel-64Bit
Krb5-Libs
Krb5-Server
Krb5-Server-Ldap
Krb5-Workstation
Telnet