Red Hat, Inc. Information for VU#220816

MIT Kerberos 5 telnet daemon allows login as arbitrary user

Status

Affected

Vendor Statement

Red Hat ships the krb5 telnet daemon in all versions of Red Hat Enterprise Linux. Updated packages to correct this issue are available along with our advisory at the URL below, and automatically via the Red Hat Network:

https://rhn.redhat.com/errata/RHSA-2007-0095.html

Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Refer to RHSA-2007-0095.

If you have feedback, comments, or additional information about this vulnerability, please send us email.