CVE-2007-0956
published 2007-04-06
CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a…
Priority P358 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 29.84% (98.0th percentile)
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.4.4-8 (bookworm) | krb5 1.4.4-8 (bookworm) |
| mit | kerberos_5 | < 1.6.1 | 1.6.1 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
CVSS provenance
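| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | HIGH | |
| vendor_redhat | | 10.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |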
Ubuntu
krb5 vulnerabilities
vendor_ubuntu·2007-04-04·CVSS 10.0
CVE-2007-0956 [CRITICAL] krb5 vulnerabilities
The krb5 telnet service did not appropriately verify user names. A
remote attacker could log in as the root user by requesting a specially
crafted user name. (CVE-2007-0956)
The krb5 syslog library did not correctly verify the size of log
messages. A remote attacker could send a specially crafted message and
execute arbitrary code with root privileges. (CVE-2007-0957)
The krb5 administration service was vulnerable to a double-free in the
GSS RPC library. A remote attacker could send a specially crafted
request and execute arbitrary code with root privileges. (CVE-2007-1216)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Unauthorized access via krb5-telnet daemon
vendor_redhat·2007-04-03·CVSS 10.0
CVE-2007-0956 [CRITICAL] Unauthorized access via krb5-telnet daemon
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Debian
CVE-2007-0956: krb5 - The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to ...
vendor_debian·2007·CVSS 10.0
CVE-2007-0956 [CRITICAL] CVE-2007-0956: krb5 - The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to ...
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Scope: local
bookworm: resolved (fixed in 1.4.4-8)
bullseye: resolved (fixed in 1.4.4-8)
forky: resolved (fixed in 1.4.4-8)
sid: resolved (fixed in 1.4.4-8)
trixie: resolved (fixed in 1.4.4-8)
GHSA
GHSA-gcgf-6qp7-hmmv: The telnet daemon (telnetd) in MIT krb5 before 1
ghsa_unreviewed·2022-05-03·CVSS 10.0
CVE-2007-0956 [CRITICAL] CWE-306 GHSA-gcgf-6qp7-hmmv: The telnet daemon (telnetd) in MIT krb5 before 1
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
OSV
CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 1
osv·2007-04-06·CVSS 10.0
CVE-2007-0956 [CRITICAL] CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 1
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-4381 java: Vulnerability in the font parsing code
bugzilla·2007-08-20·CVSS 9.3
CVE-2007-4381 [CRITICAL] CVE-2007-4381 java: Vulnerability in the font parsing code
Sun describes a flaw at
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1:
A vulnerability in the font parsing code in the Java Runtime Environment may
allow an untrusted applet to elevate its privileges. For example, an applet may
grant itself permissions to read and write local files or execute local
applications that are accessible to the user running the untrusted applet.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux version 4 Extras
RHEL Supplementary version 5
Via RHSA-2007:0829 https://rhn.redhat.com/errata/RHSA-2007-0829.html
---
This issue has been addressed in following products:
RHEL Supplementary version 5
Via RHSA-2007:0956 https://rhn.redhat.com/er
Bugzilla
CVE-2007-0956 Unauthorized access via krb5-telnet daemon
bugzilla·2007-02-23·CVSS 10.0
CVE-2007-0956 [CRITICAL] CVE-2007-0956 Unauthorized access via krb5-telnet daemon
The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary
user, when presented with a specially crafted username. This is a vulnerability
in an application program; it is not a bug in the MIT krb5 libraries or in the
Kerberos protocol.
A user can gain unauthorized access to any account (including root) on a host
running telnetd. Whether the attacker needs to authenticate depends on the
configuration of telnetd on that host.
The telnetd in all releases of MIT krb5, up to and including krb5-1.6, is affected.
Discussion:
Note that by default we do not enable telnetd in RHEL and the firewall in RHEL
defaults to blocking external access to telnet.
A server would be vulnerable to this flaw only if they enable krb