// For flags

CVE-2007-0956

Unauthorized access via krb5-telnet daemon

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

El demonio telnet (telnetd) en MIT krb5 anterior a 1.6.1 permite a atacantes remotos evitar la validación y ganar accesos al sistema a través de un nombre de usuario comenzando con el carácter '-', un asunto similar a CVE-2007-0882.

A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-14 CVE Reserved
  • 2007-04-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-06-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
References (32)
URL Tag Source
http://secunia.com/advisories/24706 Third Party Advisory
http://secunia.com/advisories/24735 Third Party Advisory
http://secunia.com/advisories/24736 Third Party Advisory
http://secunia.com/advisories/24740 Third Party Advisory
http://secunia.com/advisories/24750 Third Party Advisory
http://secunia.com/advisories/24755 Third Party Advisory
http://secunia.com/advisories/24757 Third Party Advisory
http://secunia.com/advisories/24785 Third Party Advisory
http://secunia.com/advisories/24786 Third Party Advisory
http://secunia.com/advisories/24817 Third Party Advisory
http://www.kb.cert.org/vuls/id/220816 Third Party Advisory
http://www.securityfocus.com/archive/1/464590/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464666/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464814/30/7170/threaded Mailing List
http://www.securityfocus.com/bid/23281 Third Party Advisory
http://www.securitytracker.com/id?1017848 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/1218 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1249 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33414 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046 Broken Link
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc 2021-02-02
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html 2021-02-02
http://security.gentoo.org/glsa/glsa-200704-02.xml 2021-02-02
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1 2021-02-02
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt 2021-02-02
http://www.debian.org/security/2007/dsa-1276 2021-02-02
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 2021-02-02
http://www.redhat.com/support/errata/RHSA-2007-0095.html 2021-02-02
http://www.ubuntu.com/usn/usn-449-1 2021-02-02
https://access.redhat.com/security/cve/CVE-2007-0956 2007-04-03
https://bugzilla.redhat.com/show_bug.cgi?id=229782 2007-04-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 < 1.6.1
Search vendor "Mit" for product "Kerberos 5" and version " < 1.6.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 5.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "5.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected