CVE-2007-0956

 

Published at: - 06-04-2007 03:19

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt
• DSA-1276-Third Party Advisory
• RHSA-2007:0095-Third Party Advisory
• USN-449-1-Third Party Advisory
• VU#220816-Third Party Advisory, US Government Resource
• 24706-Third Party Advisory
• 24736-Third Party Advisory
• 24757-Third Party Advisory
• GLSA-200704-02-Third Party Advisory
• 20070401-01-P-Broken Link
• 102867-Broken Link
• SUSE-SA:2007:025-Broken Link
• 23281-Third Party Advisory, VDB Entry
• 1017848-Third Party Advisory, VDB Entry
• 24740-Third Party Advisory
• 24750-Third Party Advisory
• 24755-Third Party Advisory
• 24785-Third Party Advisory
• 24786-Third Party Advisory
• 24817-Third Party Advisory
• 24735-Third Party Advisory
• MDKSA-2007:077-Third Party Advisory
• TA07-093B-Third Party Advisory, US Government Resource
• ADV-2007-1218-Third Party Advisory
• ADV-2007-1249-Third Party Advisory
• kerberos-telnet-security-bypass(33414)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:10046-Broken Link, Third Party Advisory
• 20070405 FLEA-2007-0008-1: krb5-Third Party Advisory, VDB Entry
• 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation-Third Party Advisory, VDB Entry
• 20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2007-0956

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures