CVE-2007-0956 : Detail

CVE-2007-0956

Authorization problems
A07-Identif. and Authent. Fail
21.17%V3
Network
2007-04-05
23h00 +00:00
2018-10-16
12h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Metrics

Metrics Score Severity CVSS Vector Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Products Mentioned

Configuraton 0

Mit>>Kerberos_5 >> Version To (excluding) 1.6.1

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 4.0

Configuraton 0

Canonical>>Ubuntu_linux >> Version 5.10

Canonical>>Ubuntu_linux >> Version 6.06

Canonical>>Ubuntu_linux >> Version 6.10

References

http://www.vupen.com/english/advisories/2007/1218
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/24706
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24740
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0095.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.kb.cert.org/vuls/id/220816
Tags : third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/24786
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
Tags : third-party-advisory, x_refsource_CERT
http://www.debian.org/security/2007/dsa-1276
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/24735
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1017848
Tags : vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/23281
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/24750
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24817
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24757
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24755
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1249
Tags : vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/24785
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/usn-449-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/24736
Tags : third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200704-02.xml
Tags : vendor-advisory, x_refsource_GENTOO