Vulnerability Note VU#800829
Telnet Client Information Disclosure Vulnerability
A vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables.
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts.
The vulnerability is in the NEW-ENVIRON sub-command, the mechanism used for passing environment information between a telnet client and server. Use of this mechanism enables a telnet user to propagate configuration information to a remote host when connecting. Please see RFC1572 for more information. As specified in section 3 of RFC1572, the expected default behavior is "that there will not be any exchange of environment information".
An attacker may be able to gather information about remote systems and users who connect to the attacker's malicious telnet server. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML-rendered email or web page using the TELNET:// URI handler; however, further user interaction may be required.
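The NEW-ENVIRON request described above is visible in a capture of the server-to-client byte stream, so it can be audited. The following Python code is an added example, not part of the original note or of any vendor's code; it parses RFC 1572 subnegotiations and reports which variables a server asked for. The `ALLOWED` policy set, the function names and the sample bytes are assumptions constructed for illustration; the option and type codes come from RFC 854 and RFC 1572.

```python
# Added example: flag NEW-ENVIRON SEND requests in a server-to-client capture.
IAC, SB, SE = 255, 250, 240              # RFC 854 command bytes
NEW_ENVIRON, SEND = 39, 1                # RFC 1572 option code and SEND command
VAR, ESC, USERVAR = 0, 2, 3              # RFC 1572 type codes used in a SEND list
ALLOWED = frozenset({"DISPLAY"})         # assumed local policy, not from the advisory

def subnegotiations(stream):
    """Yield (option, payload) for every complete IAC SB ... IAC SE block."""
    i = 0
    while i + 2 < len(stream):
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            # WILL/WONT/DO/DONT (251-254) carry one option byte; other commands none
            i += 3 if 251 <= stream[i + 1] <= 254 else 2
        else:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j + 1 < len(stream) and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1   # IAC IAC is one literal 0xFF
                payload.append(stream[j - 1])
            if j + 1 < len(stream):                 # drop unterminated blocks
                yield option, bytes(payload)
            i = j + 2

def requested_variables(payload):
    """Decode a SEND payload into (kind, name) pairs; '' means all of that kind."""
    if payload[:1] != bytes([SEND]):
        return []                                   # IS/INFO or empty: not a request
    out, k = [], 1
    while k < len(payload):
        if payload[k] in (VAR, USERVAR):
            out.append(["VAR" if payload[k] == VAR else "USERVAR", ""])
        elif out:
            if payload[k] == ESC and k + 1 < len(payload):
                k += 1                              # ESC: the next byte is literal
            out[-1][1] += chr(payload[k])
        k += 1
    return [tuple(p) for p in out] or [("ALL", "")]  # bare SEND asks for everything

def audit(stream, allowed=ALLOWED):
    """Return the (kind, name) requests in a server stream that policy disallows."""
    return [req for option, payload in subnegotiations(stream)
            if option == NEW_ENVIRON
            for req in requested_variables(payload) if req[1] not in allowed]

# Constructed capture: IAC DO NEW-ENVIRON, then SEND VAR "USER" USERVAR "HOME" VAR "DISPLAY"
SAMPLE = (bytes([IAC, 253, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, SEND, VAR]) + b"USER"
          + bytes([USERVAR]) + b"HOME" + bytes([VAR]) + b"DISPLAY" + bytes([IAC, SE]))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A bare SEND with no list is reported as `("ALL", "")`, because RFC 1572 defines that form as a request for every variable the client holds.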
Apply an update from your vendor
Patches, updates, and fixes should be available from multiple vendors.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Microsoft Corporation|Affected|-|14 Jun 2005|
|Red Hat Inc.|Affected|-|28 Jul 2005|
|Sun Microsystems Inc.|Affected|-|14 Jun 2005|
Gaël Delalleau is credited with this discovery. Thank you to iDefense for coordinating the release of information about this issue.
This document was written by Robert Mead based on information in the iDEFENSE Security Advisory.
- CVE IDs: CAN-2005-0488
- Date Public: 14 Jun 2005
- Date First Published: 14 Jun 2005
- Date Last Updated: 28 Jul 2005
- Severity Metric: 0.17
- Document Revision: 22