Vulnerabilities > CVE-2005-1205 - Remote Information Disclosure vulnerability in Multiple Vendor Telnet Client
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-033.NASL |
description | The remote version of Windows contains a flaw the Telnet client that could allow an attacker to read the session variables of users connecting to a rogue telnet server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18486 |
published | 2005-06-14 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18486 |
title | MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
code |
|
Oval
accepted 2011-05-16T04:00:21.896-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Secure Elements, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. family windows id oval:org.mitre.oval:def:1132 status accepted submitted 2005-06-22T12:00:00.000-04:00 title Windows XP Telnet Environment Disclosure Vulnerability version 71 accepted 2011-05-16T04:03:14.842-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. family windows id oval:org.mitre.oval:def:605 status accepted submitted 2005-06-22T12:00:00.000-04:00 title Server 2003 Telnet Environment Disclosure Vulnerability version 68 accepted 2011-05-23T04:00:20.495-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. family windows id oval:org.mitre.oval:def:784 status accepted submitted 2005-06-22T12:00:00.000-04:00 title Windows 2000 Telnet Environment Disclosure Vulnerability version 66
References
- http://idefense.com/application/poi/display?id=260&type=vulnerabilities
- http://secunia.com/advisories/15690/
- http://securitytracker.com/id?1014203
- http://www.kb.cert.org/vuls/id/800829
- http://www.securityfocus.com/bid/13940
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1132
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A605
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A784