Vulnerability in MIT Kerberos Telnet servers

FNAL Critical Vulnerability

Platform: All
Product: Kerberos Telnet servers
Exploitation: Login as arbitrary user
Patch By: As soon as patches are made available or disable the telnetd service if it is not required

A vulnerability exists in the MIT Kerberos Telnet server (telnetd) which permits arbitrary login. MIT has provided a patch for this flaw, and it is currently working its way through to various vendors for release.

FNAL is working on integrating the patch into the FNAL Kerberos Telnet server products and we will announce when it is available for installation.

If you are not using the FNAL version of Kerberos telnetd (the Telnet server service which accepts inbound telnet connections) but instead utilize a Kerberos Telnet server service offered by your operating system vendor, please consult your vendor for a patch.

If you do not require inbound Telnet access, please consider disabling this service.

MIT reference URL:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
http://www.kb.cert.org/vuls/id/220816

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team; last modified by JK on Jan 12, 2007. (Address comments about page to the Computer Security Team.)