Account 로그인

A critical flaw was announced today that affects the MIT Kerberos telnet daemon, distributed with all versions of Red Hat Enterprise Linux. With this flaw, an attacker who can access the telnet port of a target machine could log in remotely as root without requiring a password.

The Kerberos telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port.

This flaw is similar to the Solaris telnet daemon flaw reported earlier in the year, but the exact flaw and exploit mechanism are technically slightly different.

While we are not aware of this flaw being actively exploited at this time, we have confirmed that this would not be difficult. We therefore urge all users who have enabled the Kerberos telnet daemon to apply the update as soon as possible, and to disable the daemon in the meantime.

Updated packages to correct this issue, along with more details and advice, are available here, as well as via the Red Hat Network.

Red Hat would like to thank MIT for reporting this flaw. This issue was assigned CVE itentifier CVE-2007-0956 and was reported to the Red Hat security response team on February 21, 2007 with an embargo date of April 3, 2007.


About the author

Red Hat logo LinkedInYouTubeFacebookTwitter

제품

구매 정보

커뮤니케이션

Red Hat 소개

Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.

Red Hat Shares 뉴스레터를 구독하세요

지금 신청하기

언어 선택

© 2022 Red Hat, Inc. Red Hat Summit