Your Red Hat account gives you access to your member profile and preferences, and the following services based on your customer status:
Not registered yet? Here are a few reasons why you should be:
- Browse Knowledgebase articles, manage support cases and subscriptions, download updates, and more from one place.
- View users in your organization, and edit their account information, preferences, and permissions.
- Manage your Red Hat certifications, view exam history, and download certification-related logos and documents.
Your Red Hat account gives you access to your member profile, preferences, and other services depending on your customer status.
For your security, if you're on a public computer and have finished using your Red Hat services, please be sure to log out.Log out
A critical flaw was announced today that affects the MIT Kerberos telnet daemon, distributed with all versions of Red Hat Enterprise Linux. With this flaw, an attacker who can access the telnet port of a target machine could log in remotely as root without requiring a password.
The Kerberos telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port.
This flaw is similar to the Solaris telnet daemon flaw reported earlier in the year, but the exact flaw and exploit mechanism are technically slightly different.
While we are not aware of this flaw being actively exploited at this time, we have confirmed that this would not be difficult. We therefore urge all users who have enabled the Kerberos telnet daemon to apply the update as soon as possible, and to disable the daemon in the meantime.
Red Hat would like to thank MIT for reporting this flaw. This issue was assigned CVE itentifier CVE-2007-0956 and was reported to the Red Hat security response team on February 21, 2007 with an embargo date of April 3, 2007.