CVE-2005-0488
CVSS 5.0
Published: 2005-06-14 00:00:00
Last revised: 2011-03-07 21:20:08

[Original] Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.


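[CNNVD] Telnet Client Sensitive Information Disclosure Vulnerability (CNNVD-200506-129)

        The TELNET protocol allows virtual network terminals to connect over the Internet.
        BSD-based Telnet clients from multiple vendors contain a design error that may allow a remote attacker to obtain sensitive information from the affected system.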

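- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]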

- CPE (Affected platforms and products)

cpe:/a:mit:kerberos:5-1.3.4 MIT Kerberos 5 1.3.4
cpe:/o:sun:solaris:5.9
cpe:/a:microsoft:telnet_client:5.1.2600.2180 Microsoft telnet_client 5.1.2600.2180

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:1139 Telnet Client Information Disclosure Vulnerability
oval:org.mitre.oval:def:11373 Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive en...
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0488
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-129
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/800829
(VENDOR_ADVISORY)  CERT-VN  VU#800829
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
(UNKNOWN)  CERT  TA06-214A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1
(VENDOR_ADVISORY)  SUNALERT  57761
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
(VENDOR_ADVISORY)  SUNALERT  57755
http://www.vupen.com/english/advisories/2006/3101
(UNKNOWN)  VUPEN  ADV-2006-3101
http://www.redhat.com/support/errata/RHSA-2005-504.html
(UNKNOWN)  REDHAT  RHSA-2005:504
http://www.novell.com/linux/security/advisories/2005_16_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:016
http://idefense.com/application/poi/display?id=260&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability
http://www.securityfocus.com/bid/19289
(UNKNOWN)  BID  19289
http://www.securityfocus.com/bid/13940
(UNKNOWN)  BID  13940
http://www.redhat.com/support/errata/RHSA-2005-562.html
(UNKNOWN)  REDHAT  RHSA-2005:562
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1
(UNKNOWN)  SUNALERT  101671
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1
(UNKNOWN)  SUNALERT  101665
http://securitytracker.com/id?1014203
(UNKNOWN)  SECTRACK  1014203
http://secunia.com/advisories/21253
(UNKNOWN)  SECUNIA  21253
http://secunia.com/advisories/17135
(UNKNOWN)  SECUNIA  17135
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2006-08-01

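- Vulnerability information

Telnet Client Sensitive Information Disclosure Vulnerability
Medium risk  Access validation error
2005-06-14 00:00:00 2012-12-26 00:00:00
Remote
        The TELNET protocol allows virtual network terminals to connect over the Internet.
        BSD-based Telnet clients from multiple vendors contain a design error that may allow a remote attacker to obtain sensitive information from the affected system.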

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

- Vulnerability information

17303
Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure
Information Disclosure
Loss of Confidentiality
Vendor Verified

- Vulnerability description

- Timeline

2005-06-14 2005-02-18
Unknown 2005-03-29

- Solution

Microsoft has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: for Windows-based platforms, disabling the Telnet handler or specifying a different application to handle Telnet URLs can mitigate URL-based attacks. This can be accomplished by removing or modifying the following registry key: HKEY_CLASSES_ROOT\telnet\shell\open\command. This workaround should prevent automatic exploitation attempts. It does not fix the underlying issue.

- Related references

- Vulnerability author

Unknown or Incomplete