Bug 229782 (CVE-2007-0956) - CVE-2007-0956 Unauthorized access via krb5-telnet daemon
Summary: CVE-2007-0956 Unauthorized access via krb5-telnet daemon
Status: CLOSED ERRATA
Alias: CVE-2007-0956
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: All Linux
urgent
urgent
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard: impact=critical,source=mit,reported=2...
Keywords: Security
: 228233 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-23 14:36 UTC by Marcel Holtmann
Modified: 2018-08-15 22:29 UTC (History)
3 users (show)

Fixed In Version: RHSA-2007-0095
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-03 18:21:32 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0095 normal SHIPPED_LIVE Critical: krb5 security update 2007-04-03 18:21:23 UTC

Description Marcel Holtmann 2007-02-23 14:36:08 UTC
The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary
user, when presented with a specially crafted username. This is a vulnerability
in an application program; it is not a bug in the MIT krb5 libraries or in the
Kerberos protocol.

A user can gain unauthorized access to any account (including root) on a host
running telnetd. Whether the attacker needs to authenticate depends on the
configuration of telnetd on that host.

The telnetd in all releases of MIT krb5, up to and including krb5-1.6 are affected.

Comment 1 Mark J. Cox 2007-02-23 14:59:46 UTC
Note that by default we do not enable telnetd in RHEL and the firewall in RHEL
defaults to blocking external access to telnet.  

A server would be vulnerable to this flaw only if they enable krb5 telnetd using
"chkconfig krb5-telnet on" and set the firewall to allow incoming connections to
the telnet port.


Comment 4 Mark J. Cox 2007-03-06 08:52:44 UTC
Embargo moved by MIT to 20070403

Comment 8 Mark J. Cox 2007-03-27 10:20:21 UTC
Note that this issue is similar to the telnetd flaw found in Solaris:
http://www.kb.cert.org/vuls/id/881872
However the technicalities of the flaw are different, and exploitation is
different.  Therefore the exploits for the Solaris telnetd flaw, and the worm
that exploits the Solaris issue do not successfully exploit this issue.  

Whilst we are not aware of this issue currently being exploited we have
confirmed that an exploit is possible and is fairly easy to create.

Comment 10 Mark J. Cox 2007-04-03 18:08:30 UTC
Now public, removing embargo

Comment 11 Red Hat Bugzilla 2007-04-03 18:21:32 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0095.html


Comment 12 Lubomir Kundrak 2008-04-08 12:51:10 UTC
*** Bug 228233 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.