cbcvebase.
CVE-2005-0488
published 2005-06-14

CVE-2005-0488: Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables…

PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
16.81%
96.7th percentile
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Affected

9 ranges
VendorProductVersion rangeFixed in
debiankrb5< krb5 1.8.3+dfsg-4 (bookworm)krb5 1.8.3+dfsg-4 (bookworm)
debiannetkit-telnet< krb5 1.8.3+dfsg-4 (bookworm)krb5 1.8.3+dfsg-4 (bookworm)
microsofttelnet_client
mitkerberos_5
mitkrb5>= 0 < 1.8.3+dfsg-41.8.3+dfsg-4
mitkrb5>= 0 < 1.8.3+dfsg-41.8.3+dfsg-4
mitkrb5>= 0 < 1.8.3+dfsg-41.8.3+dfsg-4
mitkrb5>= 0 < 1.8.3+dfsg-41.8.3+dfsg-4
sunsunos

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.