CVE-2005-0488

Name of the Vulnerable Software and Affected Versions Telnet clients versions (affected versions not specified) Red Hat Enterprise Linux telnet-server-0.17 Red Hat Enterprise Linux telnet-0.17

Description The issue allows remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV USERVAR command. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For Telnet clients, consider disabling the NEW-ENVIRON option to prevent the sending of sensitive environment variables until a patch is available. For Red Hat Enterprise Linux telnet-server-0.17 and telnet-0.17, at the moment, there is no information about a newer version that contains a fix for this vulnerability.