CVE-2007-0956

Name: CVE-2007-0956
Creator: NVD / NIST
Published: 2007-04-06T01:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 29.84%

Last modified Jun 16, 2026

CVE-2007-0956 is a vulnerability of currently unknown severity. The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.. EPSS estimates a 29.84% chance of exploitation in the next 30 days.

Description

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Metrics

EPSS Probability

29.84%

98.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Mit	Kerberos 5	< 1.6.1
Debian	Debian Linux	3.1
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	5.10
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	6.10

References

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.ascBroken Link
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.htmlBroken Link
http://secunia.com/advisories/24706Third Party Advisory
http://secunia.com/advisories/24735Third Party Advisory
http://secunia.com/advisories/24736Third Party Advisory
http://secunia.com/advisories/24740Third Party Advisory
http://secunia.com/advisories/24750Third Party Advisory
http://secunia.com/advisories/24755Third Party Advisory
http://secunia.com/advisories/24757Third Party Advisory
http://secunia.com/advisories/24785Third Party Advisory
http://secunia.com/advisories/24786Third Party Advisory
http://secunia.com/advisories/24817Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txtVendor Advisory
http://www.debian.org/security/2007/dsa-1276Third Party Advisory
http://www.kb.cert.org/vuls/id/220816Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/464590/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/23281Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1017848Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-449-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.htmlThird Party Advisory, US Government Resource
http://www.vupen.com/english/advisories/2007/1218Third Party Advisory
http://www.vupen.com/english/advisories/2007/1249Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33414Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046Broken Link, Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.ascBroken Link
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.htmlBroken Link
http://secunia.com/advisories/24706Third Party Advisory
http://secunia.com/advisories/24735Third Party Advisory
http://secunia.com/advisories/24736Third Party Advisory
http://secunia.com/advisories/24740Third Party Advisory
http://secunia.com/advisories/24750Third Party Advisory
http://secunia.com/advisories/24755Third Party Advisory
http://secunia.com/advisories/24757Third Party Advisory
http://secunia.com/advisories/24785Third Party Advisory
http://secunia.com/advisories/24786Third Party Advisory
http://secunia.com/advisories/24817Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txtVendor Advisory
http://www.debian.org/security/2007/dsa-1276Third Party Advisory
http://www.kb.cert.org/vuls/id/220816Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/464590/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/23281Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1017848Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-449-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.htmlThird Party Advisory, US Government Resource
http://www.vupen.com/english/advisories/2007/1218Third Party Advisory
http://www.vupen.com/english/advisories/2007/1249Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33414Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046Broken Link, Third Party Advisory

Timeline

Published: Apr 6, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-0956?

How severe is CVE-2007-0956?

Severity scoring for CVE-2007-0956 is pending analysis. The EPSS model estimates a 29.84% probability of exploitation in the next 30 days.

How do I fix CVE-2007-0956?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-0956?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST