First published: Tue Jun 14 2005
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Telnet Client | =5.1.2600.2180 | |
MIT Kerberos 5 Application | =1.3.4 | |
Sun SunOS | =5.9 | |
CVE-2005-0488 is classified as a medium severity vulnerability due to its potential to expose sensitive environment variables.
To fix CVE-2005-0488, disable the NEW-ENVIRON option on your Telnet clients or upgrade to an unaffected version.
CVE-2005-0488 affects certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux.
Yes, CVE-2005-0488 can be exploited remotely by malicious Telnet servers that can send crafted commands.
CVE-2005-0488 can allow remote attackers to read sensitive environment variables from the affected Telnet clients.
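To check what a server actually asked a client for, the NEW-ENVIRON SEND subnegotiation described above can be decoded from captured server-to-client bytes. The following is an added example, not code from this advisory or any vendor: the byte values come from RFC 854 and RFC 1572, while the function names, the `expected` allowlist and the sample bytes are constructed for illustration.

```python
# Telnet constants from RFC 854 and RFC 1572 (NEW-ENVIRON).
IAC, SB, SE = 255, 250, 240
NEW_ENVIRON, SEND = 39, 1
VAR, ESC, USERVAR = 0, 2, 3

def subnegotiations(stream: bytes):
    """Yield (option, body) for every complete IAC SB <option> ... IAC SE block."""
    i, n = 0, len(stream)
    while i < n - 1:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] == SB and i + 2 < n:
            option, body, j = stream[i + 2], bytearray(), i + 3
            while j < n - 1 and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1  # IAC IAC is an escaped 0xFF
                body.append(stream[j - 1])
            if j < n - 1:  # terminator found; truncated blocks are dropped
                yield option, bytes(body)
            i = j + 2
        else:  # WILL/WONT/DO/DONT carry an option byte, other commands do not
            i += 3 if 251 <= stream[i + 1] <= 254 else 2

def requested_variables(body: bytes):
    """Decode a SEND body into (kind, name) pairs; an empty name means 'all of that kind'."""
    if body[:1] != bytes([SEND]):
        return []
    if len(body) == 1:
        return [("ALL", "")]  # bare SEND asks for every variable
    out, k = [], 1
    while k < len(body):
        if body[k] in (VAR, USERVAR):
            out.append(["VAR" if body[k] == VAR else "USERVAR", ""])
        elif out:
            if body[k] == ESC and k + 1 < len(body):
                k += 1  # ESC: take the next byte literally
            out[-1][1] += chr(body[k])
        k += 1
    return [tuple(x) for x in out]

def flag_env_probes(stream: bytes, expected=("DISPLAY",)):
    """Return requests outside the assumed allowlist, including wildcard requests."""
    hits = []
    for option, body in subnegotiations(stream):
        if option == NEW_ENVIRON:
            hits += [r for r in requested_variables(body) if r[1] not in expected]
    return hits

# Constructed sample: DO NEW-ENVIRON, banner text, then SEND VAR DISPLAY, USERVAR DB_PASSWORD, USERVAR (all).
SAMPLE = (bytes([IAC, 253, NEW_ENVIRON]) + b"login: " + bytes([IAC, SB, NEW_ENVIRON, SEND, VAR])
          + b"DISPLAY" + bytes([USERVAR]) + b"DB_PASSWORD" + bytes([USERVAR, IAC, SE]))
```

Calling `flag_env_probes(SAMPLE)` reports the named `USERVAR` request and the wildcard `USERVAR` request, while the allowlisted `DISPLAY` request is ignored.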