피드 구독

A critical flaw was announced today that affects the MIT Kerberos telnet daemon, distributed with all versions of Red Hat Enterprise Linux. With this flaw, an attacker who can access the telnet port of a target machine could log in remotely as root without requiring a password.

The Kerberos telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port.

This flaw is similar to the Solaris telnet daemon flaw reported earlier in the year, but the exact flaw and exploit mechanism are technically slightly different.

While we are not aware of this flaw being actively exploited at this time, we have confirmed that this would not be difficult. We therefore urge all users who have enabled the Kerberos telnet daemon to apply the update as soon as possible, and to disable the daemon in the meantime.

Updated packages to correct this issue, along with more details and advice, are available here, as well as via the Red Hat Network.

Red Hat would like to thank MIT for reporting this flaw. This issue was assigned CVE itentifier CVE-2007-0956 and was reported to the Red Hat security response team on February 21, 2007 with an embargo date of April 3, 2007.


저자 소개

UI_Icon-Red_Hat-Close-A-Black-RGB

채널별 검색

automation icon

오토메이션

기술, 팀, 인프라를 위한 IT 자동화 최신 동향

AI icon

인공지능

고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트

open hybrid cloud icon

오픈 하이브리드 클라우드

하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요

security icon

보안

환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보

edge icon

엣지 컴퓨팅

엣지에서의 운영을 단순화하는 플랫폼 업데이트

Infrastructure icon

인프라

세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보

application development icon

애플리케이션

복잡한 애플리케이션에 대한 솔루션 더 보기

Original series icon

오리지널 쇼

엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리