CVE-2005-0488
published 2005-06-14
Priority P4 · 27 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 16.81% (96.7th percentile)
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8.3+dfsg-4 (bookworm) | krb5 1.8.3+dfsg-4 (bookworm) |
| debian | netkit-telnet | < krb5 1.8.3+dfsg-4 (bookworm) | krb5 1.8.3+dfsg-4 (bookworm) |
| microsoft | telnet_client | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8.3+dfsg-4 | 1.8.3+dfsg-4 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-4 | 1.8.3+dfsg-4 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-4 | 1.8.3+dfsg-4 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-4 | 1.8.3+dfsg-4 |
| sun | sunos | — | — |
CVSS provenance
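| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |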
GHSA
GHSA-r4w9-9whg-94xw [MEDIUM]
ghsa_unreviewed · 2022-05-01
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
OSV
CVE-2005-0488 [MEDIUM]
osv · 2005-06-14 · CVSS 5.0
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Red Hat
CVE-2005-0488 [MEDIUM] security flaw
vendor_redhat · 2005-06-14 · CVSS 5.0
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-0488 [MEDIUM]: krb5
vendor_debian · 2005 · CVSS 5.0
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Scope: local
bookworm: resolved (fixed in 1.8.3+dfsg-4)
bullseye: resolved (fixed in 1.8.3+dfsg-4)
forky: resolved (fixed in 1.8.3+dfsg-4)
sid: resolved (fixed in 1.8.3+dfsg-4)
trixie: resolved (fixed in 1.8.3+dfsg-4)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0488 [MEDIUM] security flaw
bugzilla · 2018-08-16 · CVSS 5.0
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Acknowledgments:
Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue.
Bugzilla
CVE-2004-0488 [HIGH] mod_ssl flaws (CVE-2004-0885 CVE-2005-2700)
bugzilla · 2005-10-25 · CVSS 7.5
Multiple flaws in Stronghold 4.0 mod_ssl
A stack buffer overflow in mod_ssl. If FakeBasicAuth had been enabled, a
carefully crafted client certificate sent to mod_ssl can cause a stack
overflow. In order to exploit this issue, the malicious certificate would
have to be signed by a Certificate Authority which mod_ssl is configured to
trust. (CVE-2004-0488)
The mod_ssl module, when using the "SSLCipherSuite" directive in directory
or location context, allowed remote clients to bypass intended restrictions
by using any cipher suite that is allowed by the virtual host
configuration. (CVE-2004-0885)
A flaw in mod_ssl triggered if a virtual host was configured using
"SSLVerifyClient optional" and a directive "SSLVerifyClient required"