CVE-2007-0956
krb5 - several vulnerabilities
EPSS 26.4%
Description
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
How to fix CVE-2007-0956
To remediate CVE-2007-0956, upgrade the affected package to a fixed version below.
- Debian/krb5—upgrade to 1.4.4-8 or later
- Debian/krb5—upgrade to 1.3.6-2sarge4 or later
Is CVE-2007-0956 being exploited?
Moderate — EPSS is 26.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.4.4-8
- from 0, < 1.3.6-2sarge4