Fedora Project Information for VU#220816

MIT Kerberos 5 telnet daemon allows login as arbitrary user

Status

Affected

Vendor Statement

The Fedora Project ships the krb5 telnet daemon in all versions of Fedora Core. Updated packages to correct this issue are available for Fedora Core 5 and 6 along with our advisories at the URLs below:

Fedora Core 6:
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00008.html

Fedora Core 5:
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html

This update can also be installed with the 'yum' update program.

Note that the krb5 telnet daemon is not enabled by default in any version of Fedora Core. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.