CVE-2007-0956

MIT krb5 <1.6.1 - Auth Bypass

Title source: llm

Description

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

References (30)

[Broken Link] ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc

[Broken Link] http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html

[Third Party Advisory] http://secunia.com/advisories/24706

[Third Party Advisory] http://secunia.com/advisories/24735

[Third Party Advisory] http://secunia.com/advisories/24736

[Third Party Advisory] http://secunia.com/advisories/24740

[Third Party Advisory] http://secunia.com/advisories/24750

[Third Party Advisory] http://secunia.com/advisories/24755

[Third Party Advisory] http://secunia.com/advisories/24757

[Third Party Advisory] http://secunia.com/advisories/24785

[Third Party Advisory] http://secunia.com/advisories/24786

[Third Party Advisory] http://secunia.com/advisories/24817

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200704-02.xml

[Broken Link] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1

[Vendor Advisory] http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt

[Third Party Advisory] http://www.debian.org/security/2007/dsa-1276

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/220816

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:077

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2007-0095.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/464590/100/0/threaded

... and 10 more

Scores

EPSS 0.2191

EPSS Percentile 95.7%

Classification

CWE

CWE-306

Status draft

Affected Products (6)

mit/kerberos_5 < 1.6.1

debian/debian_linux

canonical/ubuntu_linux

Timeline

Published Apr 06, 2007

Tracked Since Feb 18, 2026