A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges.
A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthenticated user to log in as any valid user, including root. According to MIT krb5 Security Advisory MITKRB5-SA-2007-001:
The MIT krb5 telnet daemon fails to adequately check the provided username. A malformed username beginning with "-e" can be interpreted as a command-line flag by the login.krb5 program, which is executed by telnetd. This causes login.krb5 to execute part of the BSD rlogin protocol, where an arbitrary username may be injected, allowing login as that user without a password or any further authentication.
A remote attacker could log on to a vulnerable system via telnet with elevated privileges. This impact is limited to authenticated users if the telnet daemon is configured to only allow authenticated login.
This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-001.
Date First Published: 2007-04-03
Date Last Updated: 2007-05-16 19:23 UTC