CVE-2007-0956 — Missing Authentication for Critical Function in Kerberos 5

CWE-306 — Missing Authentication for Critical Function9 documents8 sources

Severity

10.0CRITICALNVD

EPSS

21.9%

top 4.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 6

Latest updateMay 3

Description

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.4.4-8+3

▶NVDmit/kerberos_5< 1.6.1

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 5.10, 6.06, 6.10

🔴Vulnerability Details

GHSA

GHSA-gcgf-6qp7-hmmv: The telnet daemon (telnetd) in MIT krb5 before 1↗2022-05-03

▶

CVEList

CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 1↗2007-04-06

▶

OSV

CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 1↗2007-04-06

▶

📋Vendor Advisories

Ubuntu

krb5 vulnerabilities↗2007-04-04

▶

Red Hat

Unauthorized access via krb5-telnet daemon↗2007-04-03

▶

Debian

CVE-2007-0956: krb5 - The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to ...↗2007

▶

💬Community

Bugzilla

CVE-2007-4381 java: Vulnerability in the font parsing code↗2007-08-20

▶

Bugzilla

CVE-2007-0956 Unauthorized access via krb5-telnet daemon↗2007-02-23

▶