Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 00:15
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue.
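For defenders reviewing a capture of server-to-client Telnet traffic, the sketch below lists the variables a server asked the client to disclose through NEW-ENVIRON SEND. It is an added example, not part of the original advisory or of any Red Hat or telnet code; the option and command codes are taken from RFC 854 and RFC 1572, and the sample capture and its variable names are constructed.

```python
# Added example: codes from RFC 854 / RFC 1572; sample bytes are constructed.
IAC, SB, SE = 255, 250, 240
NEW_ENVIRON, SEND = 39, 1
VAR, ESC, USERVAR = 0, 2, 3
KIND = {VAR: "VAR", USERVAR: "USERVAR"}

def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i < n - 2:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            i += 2                      # IAC IAC (escaped 0xFF) or start of a command
        else:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j < n - 1:
                if stream[j] == IAC and stream[j + 1] == SE:
                    yield option, bytes(payload)
                    break
                j += 2 if stream[j] == IAC else 1   # IAC IAC -> one 0xFF data byte
                payload.append(stream[j - 1])
            i = j + 2

def requested_vars(payload):
    """Parse a NEW-ENVIRON SEND payload into [(kind, name), ...]; None if not SEND."""
    if not payload or payload[0] != SEND:
        return None
    out, i = [], 1
    while i < len(payload):
        b = payload[i]
        if b in KIND:                   # VAR / USERVAR starts a new requested name
            out.append([KIND[b], bytearray()])
        elif out:
            if b == ESC and i + 1 < len(payload):
                i += 1                  # ESC: next byte is literal name data
            out[-1][1].append(payload[i])
        i += 1
    return [(k, name.decode("latin-1")) for k, name in out]

def flag_env_requests(server_bytes):
    """List every variable a server asked the client to disclose."""
    findings = []
    for option, payload in subnegotiations(server_bytes):
        req = requested_vars(payload) if option == NEW_ENVIRON else None
        if req is not None:
            findings += req or [("ALL", "")]    # bare SEND requests every variable
    return findings

# Constructed server-to-client capture: IAC DO NEW-ENVIRON, then a SEND request.
SAMPLE = (bytes([IAC, 253, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, SEND, VAR]) + b"USER"
          + bytes([USERVAR]) + b"DB_PASSWORD" + bytes([IAC, SE]))
```

Feed it only the bytes sent by the server; the client's IS replies use the same option code and are ignored by the SEND check.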
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (telnet) | RHSA-2005:504 | 2005-06-14 |
| Red Hat Enterprise Linux 2.1 (telnet) | RHSA-2005:504 | 2005-06-14 |
| Red Hat Enterprise Linux 3 (krb5) | RHSA-2005:562 | 2005-07-12 |
| Red Hat Enterprise Linux 2.1 (krb5) | RHSA-2005:562 | 2005-07-12 |
| Red Hat Enterprise Linux 4 (telnet) | RHSA-2005:504 | 2005-06-14 |