Bug 229782 (CVE-2007-0956)
Summary: | CVE-2007-0956 Unauthorized access via krb5-telnet daemon | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marcel Holtmann <holtmann> |
Component: | vulnerability | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | jplans, nmiell, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RHSA-2007-0095 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-04-03 18:21:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marcel Holtmann
2007-02-23 14:36:08 UTC
Note that by default we do not enable telnetd in RHEL and the firewall in RHEL defaults to blocking external access to telnet. A server would be vulnerable to this flaw only if they enable krb5 telnetd using "chkconfig krb5-telnet on" and set the firewall to allow incoming connections to the telnet port. Embargo moved by MIT to 20070403 Note that this issue is similar to the telnetd flaw found in Solaris: http://www.kb.cert.org/vuls/id/881872 However the technicalities of the flaw are different, and exploitation is different. Therefore the exploits for the Solaris telnetd flaw, and the worm that exploits the Solaris issue do not successfully exploit this issue. Whilst we are not aware of this issue currently being exploited we have confirmed that an exploit is possible and is fairly easy to create. Now public, removing embargo An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0095.html *** Bug 228233 has been marked as a duplicate of this bug. *** |