CVE-2005-0488

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Details Source

Mitre

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Public Date

2005-06-14 00:00:00

Impact

Moderate

CVSS Status

draft

Acknowledgements

Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue.

Red Hat Security Errata

Platform                                   Errata          Release Date
Red Hat Enterprise Linux 3 (telnet)        RHSA-2005:504   2005-06-14
Red Hat Enterprise Linux 2.1 (telnet)      RHSA-2005:504   2005-06-14
Red Hat Enterprise Linux 3 (krb5)          RHSA-2005:562   2005-07-12
Red Hat Enterprise Linux 2.1 (krb5)        RHSA-2005:562   2005-07-12
Red Hat Enterprise Linux 4 (telnet)        RHSA-2005:504   2005-06-14