Fedora Project Information for VU#220816
MIT Kerberos 5 telnet daemon allows login as arbitrary user
- Vendor Information Help Date Notified: 21 Mar 2007
- Statement Date:
- Date Updated: 12 Apr 2007
The Fedora Project ships the krb5 telnet daemon in all versions of Fedora Core. Updated packages to correct this issue are available for Fedora Core 5 and 6 along with our advisories at the URLs below:
Fedora Core 6:
Fedora Core 5:
This update can also be installed with the 'yum' update program.
Note that the krb5 telnet daemon is not enabled by default in any version of Fedora Core. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.