[原文]Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure
Information Disclosure
Loss of Confidentiality
Vendor Verified
-
漏洞描述
-
时间线
2005-06-14
2005-02-18
Unknow
2005-03-29
-
解决方案
Microsoft has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: For Windows based platforms, disabling the Telnet handler or specifying a different application to handle Telnet URL's can mitigate URL based
attacks. This can be accomplished by removing or modifying the following
registry key:
HKEY_CLASSES_ROOT\telnet\shell\open\command
This workaround should prevent automatic exploitation attempts. It does
not fix the underlying issue.