10

CVE-2007-0956

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.6.1
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.84% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
Broken Link
http://secunia.com/advisories/24706
Third Party Advisory
http://secunia.com/advisories/24735
Third Party Advisory
http://secunia.com/advisories/24736
Third Party Advisory
http://secunia.com/advisories/24740
Third Party Advisory
http://secunia.com/advisories/24750
Third Party Advisory
http://secunia.com/advisories/24755
Third Party Advisory
http://secunia.com/advisories/24757
Third Party Advisory
http://secunia.com/advisories/24785
Third Party Advisory
http://secunia.com/advisories/24786
Third Party Advisory
http://secunia.com/advisories/24817
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xml
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1
Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt
Vendor Advisory
http://www.debian.org/security/2007/dsa-1276
Third Party Advisory
http://www.kb.cert.org/vuls/id/220816
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.html
Third Party Advisory
http://www.securityfocus.com/archive/1/464590/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23281
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1017848
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-449-1
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2007/1218
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1249
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33414
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046
Third Party Advisory
Broken Link