
CVE-2011-4862 PoC — FreeBSD 'telnetd' buffer error vulnerability

Source
Associated Vulnerability
Title: FreeBSD 'telnetd' buffer error vulnerability (CVE-2011-4862)
Description: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Readme
# cve-2011-4862

I originally tried to use diff to make a patch.
I patched it the way I thought it would be, before looking
at the real patch.
encrypt.patch is this original patch that I made with
diff.
However, when we tried applying this patch to FreeBSD,
it would not accept it.

Instead, we had to fetch the real patch. I then changed the patch
to implement the fix the way I originally thought it should. This works
because it puts the whole path into the patch.

In the patch, we simply check the length against MAXLENGTH.
If it is bigger than that, we set it to 0.
This way, it falls into the len == 0 case, which
errors out before anything is copied. This fixes it :-)
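As an added illustration of the check described above (this is not code from this repository or from FreeBSD's libtelnet), here is a small model of the key-id buffer with the length clamp placed in front of the copy. The constant name MAXLENGTH follows the README; its value of 64, the struct layout, the canary and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Model of the fixed-size key buffer. The name follows the README's
 * MAXLENGTH; the value 64 is an assumption made for this example. */
#define MAXLENGTH 64

struct key_info {
    unsigned char keyid[MAXLENGTH];
    int keylen;
};

/* The README's check: a length beyond the buffer is forced to 0, so the
 * caller lands in the len == 0 branch and never copies into keyid. */
static int clamp_keylen(int len)
{
    if (len < 0 || len > MAXLENGTH)
        return 0;
    return len;
}

/* Stores a key id if it fits. Returns 1 when stored, 0 when rejected.
 * The copy is bounded because len has already been clamped to MAXLENGTH. */
int store_keyid(struct key_info *kp, const unsigned char *keyid, int len)
{
    len = clamp_keylen(len);
    if (len == 0) {
        kp->keylen = 0;      /* same effect as the len == 0 error path */
        return 0;
    }
    if (len != kp->keylen || memcmp(keyid, kp->keyid, len) != 0) {
        kp->keylen = len;
        memcpy(kp->keyid, keyid, len);
    }
    return 1;
}

/* A canary placed directly after the key buffer lets the demo show whether
 * any store wrote past keyid[]. */
struct guarded {
    struct key_info kp;
    unsigned int canary;
};

#define CANARY 0xDEADBEEFu

/* Constructed input: a 16-byte key that fits. Returns the stored length,
 * or -1 if the store failed or the canary was disturbed. */
int demo_fitting_key(void)
{
    struct guarded g;
    unsigned char key[16];
    memset(&g, 0, sizeof g);
    g.canary = CANARY;
    memset(key, 'K', sizeof key);
    if (!store_keyid(&g.kp, key, (int)sizeof key))
        return -1;
    return g.canary == CANARY ? g.kp.keylen : -1;
}

/* Constructed input: a 200-byte key, larger than MAXLENGTH. Returns 1 if it
 * was rejected and the canary after the buffer is untouched, 0 otherwise. */
int demo_oversized_key(void)
{
    struct guarded g;
    unsigned char key[200];
    memset(&g, 0, sizeof g);
    g.canary = CANARY;
    memset(key, 'K', sizeof key);
    int stored = store_keyid(&g.kp, key, (int)sizeof key);
    return (stored == 0 && g.kp.keylen == 0 && g.canary == CANARY) ? 1 : 0;
}

int main(void)
{
    printf("16-byte key stored, keylen = %d\n", demo_fitting_key());
    printf("200-byte key rejected with canary intact: %s\n",
           demo_oversized_key() ? "yes" : "no");
    return 0;
}
```

The point of the clamp is that it runs before the length is compared with kp->keylen or used in memcpy, so the only code path an oversized length can reach is the one that already handles len == 0.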

Here is an explanation of how to apply a patch in FreeBSD:
https://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc
Simply use this patch instead of fetching the real one.
It will work, and you will no longer be able to exploit the buffer overflow.
File Snapshot

[4.0K] /data/pocs/7964a78cff32c3ec87051dec05229cd70225a228
├── [ 394] encrypt.patch
├── [ 924] README.md
└── [ 835] telnetd.patch

0 directories, 3 files