Severity: Unknown
Affected Package: telnetd
Summary: telnetd remote buffer overflow allows arbitrary code execution as root
The telnet daemon does not validate the length of a supplied encryption key before copying it into a fixed-size buffer. An attacker who can connect to telnetd can overflow the buffer and execute arbitrary code with the privileges of the daemon, which is normally root. This is a remotely exploitable root compromise.
No specific recommendations provided.
Aliases: CVE-2011-4862
Published: December 23, 2011
Last Modified: December 23, 2011