SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Telnet Vendors:   Microsoft
(Microsoft Issues Fix) Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users
SecurityTracker Alert ID:  1014204
SecurityTracker URL:  http://securitytracker.com/id/1014204
CVE Reference:   CVE-2005-1205   (Links to External Site)
Updated:  Jul 13 2005
Original Entry Date:  Jun 14 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   iDEFENSE reported a vulnerability in several Telnet client implementations. A remote user may be able to obtain information from the target user's environment.

Some client implementations do not properly control access to the NEW-ENVIRON command. A remote server can send a specially crafted command to a connected client to obtain the contents of specified environment variables.

A demonstration exploit command is provided:

SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE

Several vendors were notified on February 18, 2005.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities

CVE-2005-0488 and CVE-2005-1205 are assigned to this vulnerability. The CVE-2005-1205 number refers to Microsoft's Telnet implementation.

Impact:   A remote user can obtain the contents of known environment variables on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B8BA775E-E9A7-47E9-81A9-A68A71B9FAAC

Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6161D9E-1672-479E-8BAF-754A64DFAB47

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B281550B-8FAE-4FF3-9BB7-E4BA325779B9

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=22095E78-A559-40EA-8B65-9C727F4E752F

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C23A4E16-E228-4A80-A4CB-9DCEF462B97A

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=DCC6840F-E626-4266-A63A-CDDEC0EC44D6

Microsoft Windows Services for UNIX 3.5 when running on Windows 2000:

/downloads/details.aspx?FamilyId=7c3dd615-b82d-4520-9c3a-376283b01d5b

Microsoft Windows Services for UNIX 3.0 when running on Windows 2000:

/downloads/details.aspx?FamilyId=8eaad650-54db-44bc-ac9b-fc8a50f5a3b5

Microsoft Windows Services for UNIX 2.2 when running on Windows 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=32c4e286-2c4d-491a-9e05-4ca0b055d5dc

Microsoft Windows Services for UNIX 2.1 when running on Windows 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a41c701c-c0bb-40b3-88c5-ccc484202b2c

Microsoft Windows Services for UNIX 2.0 when running on Windows 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bda20bf9-6abf-487d-9334-c75fd7227274

A restart is not required.

Microsoft Windows 2000 SP3 and Microsoft Windows 2000 SP4 are not affected.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-033.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments:  XP SP2, 2003 SP1; and prior service packs; Also Windows 2000 when running Microsoft Windows Services for UNIX 2.2, 3.0, and 3.5

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2005 Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC