Overview
A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges.
Description
A vulnerability exists version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthenticated user to login as any valid user, including root. According to MIT krb5 Security Advisory MITKRB5-SA-2007-001: The MIT krb5 telnet daemon fails to adequately check the provided username. A malformed username beginning with "-e" can be interpreted as a command-line flag by the login.krb5 program, which is executed by telnetd. This causes login.krb5 to execute part of the BSD rlogin protocol, where an arbitrary username may be injected, allowing login as that user without a password or any further authentication. |
Impact
A remote attacker could log on to a vulnerable system via telnet with elevated privileges. This impact is limited to authenticated users if the telnet daemon is configured to only allow authenticated login. |
Solution
Apply Patch |
Vendor Information
Debian GNU/Linux Affected
Updated: April 04, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Debian Security Advisory DSA 1276-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fedora Project Affected
Notified: March 21, 2007 Updated: April 12, 2007
Status
Affected
Vendor Statement
The Fedora Project ships the krb5 telnet daemon in all versions of Fedora Core. Updated packages to correct this issue are available for Fedora Core 5 and 6 along with our advisories at the URLs below:
Fedora Core 6:
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00008.html
Fedora Core 5:
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html
This update can also be installed with the 'yum' update program.
Note that the krb5 telnet daemon is not enabled by default in any version of Fedora Core. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo Linux Affected
Notified: March 21, 2007 Updated: April 04, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to GLSA 200704-02.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MIT Kerberos Development Team Affected
Notified: March 21, 2007 Updated: April 03, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to MITKRB5-SA-2007-001.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: March 21, 2007 Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to MDKSA-2007:077.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc. Affected
Notified: March 21, 2007 Updated: April 04, 2007
Status
Affected
Vendor Statement
Red Hat ships the krb5 telnet daemon in all versions of Red Hat Enterprise Linux. Updated packages to correct this issue are available along with our advisory at the URL below, and automatically via the Red Hat Network:
https://rhn.redhat.com/errata/RHSA-2007-0095.html
Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to RHSA-2007-0095.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux Affected
Notified: March 21, 2007 Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to SUSE-SA:2007:025.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems, Inc. Affected
Notified: March 21, 2007 Updated: April 23, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Sun Enterprise Authentication Mechanism (SEAM) is affected, please see http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Trustix Secure Linux Affected
Notified: March 21, 2007 Updated: April 06, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Trustix Secure Linux Security Advisory #2007-0012.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ubuntu Affected
Notified: March 21, 2007 Updated: April 04, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Ubuntu Security Notice USN-449-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
rPath Affected
Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to rPSA-2007-0063-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
AttachmateWRQ, Inc. Not Affected
Notified: March 21, 2007 Updated: April 02, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CyberSafe, Inc. Not Affected
Notified: March 21, 2007 Updated: March 22, 2007
Status
Not Affected
Vendor Statement
The vulnerabilities references by VU#220816 do not apply to any CyberSafe products, including all versions of TrustBroker and Challenger.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Force10 Networks, Inc. Not Affected
Notified: March 21, 2007 Updated: March 28, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Heimdal Kerberos Project Not Affected
Notified: March 21, 2007 Updated: March 30, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Not Affected
Notified: March 21, 2007 Updated: May 16, 2007
Status
Not Affected
Vendor Statement
HP-UX telnetd(1M) is not vulnerable to CERT VU#220816.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Not Affected
Notified: March 21, 2007 Updated: April 02, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intoto Not Affected
Notified: March 21, 2007 Updated: March 28, 2007
Status
Not Affected
Vendor Statement
Intoto products are not vulnerable to the potential buffer overflow attacks on MIT Kerberos documented in this vulnerability note, as this component is not used in Intoto products.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. Not Affected
Notified: March 21, 2007 Updated: March 28, 2007
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: March 21, 2007 Updated: March 28, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Not Affected
Notified: March 21, 2007 Updated: April 06, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Not Affected
Notified: March 21, 2007 Updated: March 28, 2007
Status
Not Affected
Vendor Statement
Openwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Symantec, Inc. Not Affected
Notified: March 21, 2007 Updated: April 05, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AT&T Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Alcatel Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Apple Computer, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avici Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Borderware Technologies Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Charlotte's Web Networks Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Chiaro Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cisco Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Clavister Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Computer Associates Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Data Connection, Ltd. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC, Inc. (formerly Data General Corporation) Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ericsson Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Extreme Networks Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Foundry Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Global Technology Associates Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hyperchip Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IP Filter Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intel Corporation Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Internet Security Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
KTH Kerberos Team Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Linksys (A division of Cisco Systems) Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Lucent Technologies Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Luminous Networks Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multinet (owned Process Software Corporation) Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Network Appliance, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NextHop Technologies, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Riverstone Networks, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secure Computing Network Security Division Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Stonesoft Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
ZyXEL Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
netfilter Unknown
Notified: March 21, 2007 Updated: March 21, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
- http://secunia.com/advisories/24757/
- http://secunia.com/advisories/24735/
- http://secunia.com/advisories/24750/
- http://secunia.com/advisories/24740/
- http://secunia.com/advisories/24755/
- http://securitytracker.com/alerts/2007/Apr/1017848.html
Acknowledgements
This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-001.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2007-0956 |
| Severity Metric: | 17.85 |
| Date Public: | 2007-04-03 |
| Date First Published: | 2007-04-03 |
| Date Last Updated: | 2007-05-16 19:23 UTC |
| Document Revision: | 38 |