CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score Confidence: Low
EPSS Percentile: 99.7%
CentOS Errata and Security Advisory CESA-2007:0095

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (CVE-2007-0956)

Note that the krb5 telnet daemon is not enabled by default in any version
of Red Hat Enterprise Linux. In addition, the default firewall rules block
remote access to the telnet port. This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have enabled the krb5 telnet daemon and have it accessible
remotely, this update should be applied immediately.

Whilst we are not aware at this time that the flaw is being actively
exploited, we have confirmed that the flaw is very easily exploitable.

This update also fixes two additional security issues:

Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (CVE-2007-0957)

A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within
glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux
4 and 5 successful exploitation of this issue can only lead to a denial of
service. Applications which use this library in earlier releases of Red
Hat Enterprise Linux may also be affected. (CVE-2007-1216)

All users are advised to update to these erratum packages which contain a
backported fix to correct these issues.

Red Hat would like to thank MIT and iDefense for reporting these
vulnerabilities.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-April/075800.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075801.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075804.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075806.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075807.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075810.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075818.html
https://lists.centos.org/pipermail/centos-announce/2007-April/075819.html
Affected packages:
krb5-devel
krb5-libs
krb5-server
krb5-workstation
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0095
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | krb5-devel | < 1.2.7-61 | krb5-devel-1.2.7-61.i386.rpm |
CentOS | 3 | i386 | krb5-libs | < 1.2.7-61 | krb5-libs-1.2.7-61.i386.rpm |
CentOS | 3 | i386 | krb5-server | < 1.2.7-61 | krb5-server-1.2.7-61.i386.rpm |
CentOS | 3 | i386 | krb5-workstation | < 1.2.7-61 | krb5-workstation-1.2.7-61.i386.rpm |
CentOS | 3 | x86_64 | krb5-devel | < 1.2.7-61 | krb5-devel-1.2.7-61.x86_64.rpm |
CentOS | 3 | i386 | krb5-libs | < 1.2.7-61 | krb5-libs-1.2.7-61.i386.rpm |
CentOS | 3 | x86_64 | krb5-libs | < 1.2.7-61 | krb5-libs-1.2.7-61.x86_64.rpm |
CentOS | 3 | x86_64 | krb5-server | < 1.2.7-61 | krb5-server-1.2.7-61.x86_64.rpm |
CentOS | 3 | x86_64 | krb5-workstation | < 1.2.7-61 | krb5-workstation-1.2.7-61.x86_64.rpm |
CentOS | 3 | ia64 | krb5-devel | < 1.2.7-61 | krb5-devel-1.2.7-61.ia64.rpm |