ID CVE-2005-1205
Summary The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2011-05-16T04:00:21.896-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
    family windows
    id oval:org.mitre.oval:def:1132
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title Windows XP Telnet Environment Disclosure Vulnerability
    version 70
  • accepted 2011-05-16T04:03:14.842-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
    family windows
    id oval:org.mitre.oval:def:605
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title Server 2003 Telnet Environment Disclosure Vulnerability
    version 67
  • accepted 2011-05-23T04:00:20.495-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    description The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
    family windows
    id oval:org.mitre.oval:def:784
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title Windows 2000 Telnet Environment Disclosure Vulnerability
    version 65
refmap via4
bid 13940
cert-vn VU#800829
idefense 20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability
ms MS05-033
sectrack 1014203
secunia 15690
Last major update 12-10-2018 - 21:36
Published 14-06-2005 - 04:00
Back to Top