Red Hat, Inc. Information for VU#220816
MIT Kerberos 5 telnet daemon allows login as arbitrary user
- Vendor Information Help Date Notified: 21 Mar 2007
- Statement Date:
- Date Updated: 04 Apr 2007
Red Hat ships the krb5 telnet daemon in all versions of Red Hat Enterprise Linux. Updated packages to correct this issue are available along with our advisory at the URL below, and automatically via the Red Hat Network:
Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to RHSA-2007-0095.
If you have feedback, comments, or additional information about this vulnerability, please send us email.