CVE-2007-0956 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2007-0956

CVE-2007-0956

April 06, 2007

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Related Resources (30)

http://secunia.com/advisories/24740

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc

http://secunia.com/advisories/24735

http://www.securitytracker.com/id?1017848

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1

http://www.us-cert.gov/cas/techalerts/TA07-093B.html

http://secunia.com/advisories/24786

http://www.securityfocus.com/bid/23281

http://www.securityfocus.com/archive/1/464666/100/0/threaded

http://www.kb.cert.org/vuls/id/220816

https://exchange.xforce.ibmcloud.com/vulnerabilities/33414

http://www.ubuntu.com/usn/usn-449-1

http://secunia.com/advisories/24706

http://www.securityfocus.com/archive/1/464590/100/0/threaded

http://www.vupen.com/english/advisories/2007/1218

http://secunia.com/advisories/24750

http://secunia.com/advisories/24736

http://security.gentoo.org/glsa/glsa-200704-02.xml

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt

http://www.redhat.com/support/errata/RHSA-2007-0095.html

http://secunia.com/advisories/24817

http://www.mandriva.com/security/advisories?name=MDKSA-2007:077

http://www.debian.org/security/2007/dsa-1276

http://secunia.com/advisories/24755

http://www.vupen.com/english/advisories/2007/1249

http://secunia.com/advisories/24757

http://secunia.com/advisories/24785

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046

http://www.securityfocus.com/archive/1/464814/30/7170/threaded

http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

EPSS

Base Score:

21.91

Products

Solutions

Resources

Company

Compare

Developer Tools