CVE-2007-0956 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0956
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0956

Description: The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/33414 UBUNTU http://www.ubuntu.com/usn/usn-449-1 SUSE http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1 ST 1017848 SGI SAID Secunia Advisory: SA24755 Secunia Advisory: SA24750 Secunia Advisory: SA24740 Secunia Advisory: SA24757 Secunia Advisory: SA24706 Secunia Advisory: SA24736 Secunia Advisory: SA24785 Secunia Advisory: SA24786 Secunia Advisory: SA24817 Secunia Advisory: SA24735 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0095.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 GENTOO http://security.gentoo.org/glsa/glsa-200704-02.xml DEBIAN http://www.debian.org/security/2007/dsa-1276 CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt CERT-VN 220816 CERT http://www.us-cert.gov/cas/techalerts/TA07-093B.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/464814/30/7170/threaded http://www.securityfocus.com/archive/1/archive/1/464666/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/464590/100/0/threaded BID 23281

Return to the previous page.