This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
It is possible to log into the remote host using telnet without
supplying any credentials.
An authentication bypass vulnerability exists in the MIT krb5 telnet
daemon due to a failure to sanitize malformed usernames. This allows
usernames beginning with '-e' to be interpreted as a command-line flag
by the login.krb5 program. A remote attacker can exploit this, via a
crafted username, to cause login.krb5 to execute part of the BSD
rlogin protocol, which in turn allows the attacker to login with an
arbitrary username without a password or any further authentication.
See also :
Apply the fixes described in MIT krb5 Security Advisory 2007-001, or
contact your vendor for a patch.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 24998 (krb_telnet_env.nasl)
Bugtraq ID: 23281
CVE ID: CVE-2007-0956
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.