CVE-2005-0468
krb4 - buffer overflows
EPSS 58.5%
Description
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumes more memory than allocated.
How to fix CVE-2005-0468
To remediate CVE-2005-0468, upgrade the affected package to one of the fixed versions listed below.
- Debian/krb4—upgrade to 1.1-8-2.4 or later
- Debian/krb5—upgrade to 1.3.6-2 or later
- Debian/krb5—upgrade to 1.2.4-5woody8 or later
Is CVE-2005-0468 being exploited?
Likely — EPSS is 58.5%, placing CVE-2005-0468 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 1.1-8-2.4
- from 0, < 1.3.6-2
- from 0, < 1.2.4-5woody8