Vulnerability CVE-2005-1205

Vulnerability Name:

CVE-2005-1205 (CCN-20813)

Assigned:

2005-06-14

Published:

2005-06-14

Updated:

2018-10-12

Summary:

The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2005-0488

Source: MITRE
Type: CNA
CVE-2005-1205

Source: CCN
Type: Apple Security Update 2006-004
About Security Update 2006-004

Source: IDEFENSE
Type: Patch, Vendor Advisory
20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability

Source: CCN
Type: RHSA-2005-504
telnet security update

Source: CCN
Type: RHSA-2005-562
krb5 security update

Source: CCN
Type: SA15690
Microsoft Telnet Client Information Disclosure Weakness

Source: SECUNIA
Type: Patch, Vendor Advisory
15690

Source: CCN
Type: SA21253
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1014203
Telnet Client NEW-ENVIRON Command Discloses Information to Remote Users

Source: SECTRACK
Type: UNKNOWN
1014203

Source: CCN
Type: Sun Alert ID: 101665
Buffer Overflow in telnet(1) Client Software

Source: CCN
Type: iDEFENSE Security Advisory 06.14.05
Multiple Vendor Telnet Client Information Disclosure Vulnerability

Source: CCN
Type: US-CERT VU#800829
Telnet Client Information Disclosure Vulnerability

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#800829

Source: CCN
Type: Microsoft Security Bulletin MS05-033
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

Source: BID
Type: UNKNOWN
13940

Source: CCN
Type: BID-13940
Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability

Source: CCN
Type: BID-19289
Apple Mac OS X Multiple Security Vulnerabilities

Source: MS
Type: UNKNOWN
MS05-033

Source: XF
Type: UNKNOWN
telnet-obtain-information(20813)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1132

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:605

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:784

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/a:microsoft:windows_services_for_unix:3.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

OR cpe:/a:microsoft:windows_services_for_unix:3.5:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/a:mit:kerberos:-:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:784	V	Windows 2000 Telnet Environment Disclosure Vulnerability	2011-05-23
oval:org.mitre.oval:def:605	V	Server 2003 Telnet Environment Disclosure Vulnerability	2011-05-16
oval:org.mitre.oval:def:1132	V	Windows XP Telnet Environment Disclosure Vulnerability	2011-05-16

BACK