Red Hat Customer Portal

Skip to main content

CVE-2005-0488

Impact:
Moderate
Public Date:
2005-06-14

The MITRE CVE dictionary describes this issue as:

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Find out more about CVE-2005-0488 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (telnet) RHSA-2005:504 2005-06-14
Red Hat Enterprise Linux 2.1 (telnet) RHSA-2005:504 2005-06-14
Red Hat Enterprise Linux 3 (krb5) RHSA-2005:562 2005-07-12
Red Hat Enterprise Linux 2.1 (krb5) RHSA-2005:562 2005-07-12
Red Hat Enterprise Linux 4 (telnet) RHSA-2005:504 2005-06-14

Acknowledgements

Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue.