(Microsoft Issues Fix) Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users
|
|
SecurityTracker Alert ID: 1014204 |
|
SecurityTracker URL: http://securitytracker.com/id/1014204
|
|
CVE Reference:
CAN-2005-1205
(Links to External Site)
|
Updated: Jul 13 2005
|
Original Entry Date: Jun 14 2005
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
iDEFENSE reported a vulnerability in several Telnet client implementations. A remote user may be able to obtain information from the target user's environment.
Some client implementations do not properly control access to the NEW-ENVIRON command. A remote server can send a specially crafted command to a connected client to obtain the contents of specified environment variables.
A demonstration exploit command is provided:
SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE
Several vendors were notified on February 18, 2005.
The original advisory is available at:
http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities
CVE-2005-0488 and CVE-2005-1205 are assigned to this vulnerability. The CVE-2005-1205 number refers to Microsoft's Telnet implementation.
|
Impact:
A remote user can obtain the contents of known environment variables on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B8BA775E-E9A7-47E9-81A9-A68A71B9FAAC
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6161D9E-1672-479E-8BAF-754A64DFAB47
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B281550B-8FAE-4FF3-9BB7-E4BA325779B9
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=22095E78-A559-40EA-8B65-9C727F4E752F
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCC6840F-E626-4266-A63A-CDDEC0EC44D6
Microsoft Windows Services for UNIX 3.5 when running on Windows 2000:
/downloads/details.aspx?FamilyId=7c3dd615-b82d-4520-9c3a-376283b01d5b
Microsoft Windows Services for UNIX 3.0 when running on Windows 2000:
/downloads/details.aspx?FamilyId=8eaad650-54db-44bc-ac9b-fc8a50f5a3b5
Microsoft Windows Services for UNIX 2.2 when running on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=32c4e286-2c4d-491a-9e05-4ca0b055d5dc
Microsoft Windows Services for UNIX 2.1 when running on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a41c701c-c0bb-40b3-88c5-ccc484202b2c
Microsoft Windows Services for UNIX 2.0 when running on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bda20bf9-6abf-487d-9334-c75fd7227274
A restart is not required.
Microsoft Windows 2000 SP3 and Microsoft Windows 2000 SP4 are not affected.
|
Vendor URL: www.microsoft.com/technet/security/Bulletin/MS05-033.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 14 Jun 2005 16:22:01 -0400
Subject: http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
|
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
|
|
