CVE-2007-0956

Name of the Vulnerable Software and Affected Versions: MIT krb5 versions prior to 1.6.1 MIT krb5 versions prior to 1.5.2-r1

Description: The issue allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character. Multiple vulnerabilities in the mit-krb5 package can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an attacker who has passed the authentication procedure.

Recommendations: For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. For versions prior to 1.5.2-r1, update to version 1.5.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnet daemon (telnetd) until a patch is available. Avoid using usernames beginning with a '-' character in the affected system until the issue is resolved.