CVE-2005-1205

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Services for UNIX

Description The issue allows remote attackers to read sensitive environment variables. This is achieved via the NEW-ENVIRON option with a SEND ENV USERVAR command in the Telnet client.

Recommendations For Microsoft Windows XP, consider disabling the Telnet client until a fix is available. For Microsoft Windows Server 2003, restrict access to the Telnet service to minimize the risk of exploitation. For Microsoft Windows Services for UNIX, avoid using the Telnet client with the NEW-ENVIRON option until the issue is resolved.