CVE-2005-0488 — Microsoft Telnet Client vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

10.2%

top 6.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 Microsoft Telnet Client MIT Kerberos 5 +1 more

Timeline

PublishedJun 14

Latest updateMay 1

Description

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmicrosoft/telnet_client5.1.2600.2180

▶Debianmit/krb5< 1.8.3+dfsg-4+3

▶NVDsun/sunos5.9

▶NVDmit/kerberos_51.3.4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-r4w9-9whg-94xw: Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment↗2022-05-01

▶

OSV

CVE-2005-0488: Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment↗2005-06-14

▶

CVEList

CVE-2005-0488: Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment↗2005-06-14

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-06-14

▶

Debian

CVE-2005-0488: krb5 - Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux...↗2005

▶

💬Community

Bugzilla

CVE-2005-0488 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-0488 mod_ssl flaws (CVE-2004-0885 CVE-2005-2700)↗2005-10-25

▶