NVD Vulnerability Detail

CVE-2007-0956

Summary	The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
Summary	El demonio telnet (telnetd) en MIT krb5 anterior a 1.6.1 permite a atacantes remotos evitar la validación y ganar accesos al sistema a través de un nombre de usuario comenzando con el carácter '-', un asunto similar a CVE-2007-0882.
Publication Date	April 6, 2007, 10:19 a.m.
Registration Date	Jan. 29, 2021, 2:07 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mit:kerberos_5::::::::				1.6.1
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc	cve@mitre.org
2	http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html	cve@mitre.org
3	http://secunia.com/advisories/24706	cve@mitre.org
4	http://secunia.com/advisories/24735	cve@mitre.org
5	http://secunia.com/advisories/24736	cve@mitre.org
6	http://secunia.com/advisories/24740	cve@mitre.org
7	http://secunia.com/advisories/24750	cve@mitre.org
8	http://secunia.com/advisories/24755	cve@mitre.org
9	http://secunia.com/advisories/24757	cve@mitre.org
10	http://secunia.com/advisories/24785	cve@mitre.org
11	http://secunia.com/advisories/24786	cve@mitre.org
12	http://secunia.com/advisories/24817	cve@mitre.org
13	http://security.gentoo.org/glsa/glsa-200704-02.xml	cve@mitre.org
14	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1	cve@mitre.org
15	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt	cve@mitre.org
16	http://www.debian.org/security/2007/dsa-1276	cve@mitre.org
17	http://www.kb.cert.org/vuls/id/220816	cve@mitre.org
18	http://www.mandriva.com/security/advisories?name=MDKSA-2007:077	cve@mitre.org
19	http://www.redhat.com/support/errata/RHSA-2007-0095.html	cve@mitre.org
20	http://www.securityfocus.com/archive/1/464590/100/0/threaded	cve@mitre.org
21	http://www.securityfocus.com/archive/1/464666/100/0/threaded	cve@mitre.org
22	http://www.securityfocus.com/archive/1/464814/30/7170/threaded	cve@mitre.org
23	http://www.securityfocus.com/bid/23281	cve@mitre.org
24	http://www.securitytracker.com/id?1017848	cve@mitre.org
25	http://www.ubuntu.com/usn/usn-449-1	cve@mitre.org
26	http://www.us-cert.gov/cas/techalerts/TA07-093B.html	cve@mitre.org
27	http://www.vupen.com/english/advisories/2007/1218	cve@mitre.org
28	http://www.vupen.com/english/advisories/2007/1249	cve@mitre.org
29	https://exchange.xforce.ibmcloud.com/vulnerabilities/33414	cve@mitre.org
30	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046	cve@mitre.org
31	ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc	af854a3a-2127-422b-91ae-364da2661108
32	http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html	af854a3a-2127-422b-91ae-364da2661108
33	http://secunia.com/advisories/24706	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/24735	af854a3a-2127-422b-91ae-364da2661108
35	http://secunia.com/advisories/24736	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/24740	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/24750	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/24755	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/24757	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/24785	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/24786	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/24817	af854a3a-2127-422b-91ae-364da2661108
43	http://security.gentoo.org/glsa/glsa-200704-02.xml	af854a3a-2127-422b-91ae-364da2661108
44	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1	af854a3a-2127-422b-91ae-364da2661108
45	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt	af854a3a-2127-422b-91ae-364da2661108
46	http://www.debian.org/security/2007/dsa-1276	af854a3a-2127-422b-91ae-364da2661108
47	http://www.kb.cert.org/vuls/id/220816	af854a3a-2127-422b-91ae-364da2661108
48	http://www.mandriva.com/security/advisories?name=MDKSA-2007:077	af854a3a-2127-422b-91ae-364da2661108
49	http://www.redhat.com/support/errata/RHSA-2007-0095.html	af854a3a-2127-422b-91ae-364da2661108
50	http://www.securityfocus.com/archive/1/464590/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
51	http://www.securityfocus.com/archive/1/464666/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
52	http://www.securityfocus.com/archive/1/464814/30/7170/threaded	af854a3a-2127-422b-91ae-364da2661108
53	http://www.securityfocus.com/bid/23281	af854a3a-2127-422b-91ae-364da2661108
54	http://www.securitytracker.com/id?1017848	af854a3a-2127-422b-91ae-364da2661108
55	http://www.ubuntu.com/usn/usn-449-1	af854a3a-2127-422b-91ae-364da2661108
56	http://www.us-cert.gov/cas/techalerts/TA07-093B.html	af854a3a-2127-422b-91ae-364da2661108
57	http://www.vupen.com/english/advisories/2007/1218	af854a3a-2127-422b-91ae-364da2661108
58	http://www.vupen.com/english/advisories/2007/1249	af854a3a-2127-422b-91ae-364da2661108
59	https://exchange.xforce.ibmcloud.com/vulnerabilities/33414	af854a3a-2127-422b-91ae-364da2661108
60	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-306	重要な機能に対する認証の欠如解説	https://cwe.mitre.org/data/definitions/306.html