PT-2005-2221 · Microsoft · Windows Server 2003+3

Gaël Delalleau

Published

2005-06-14

Updated

2018-10-12

CVE-2005-1205

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Services for UNIX

Description The issue allows remote attackers to read sensitive environment variables. This is achieved via the NEW-ENVIRON option with a SEND ENV USERVAR command in the Telnet client.

Recommendations For Microsoft Windows XP, consider disabling the Telnet client until a fix is available. For Microsoft Windows Server 2003, restrict access to the Telnet service to minimize the risk of exploitation. For Microsoft Windows Services for UNIX, avoid using the Telnet client with the NEW-ENVIRON option until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1205

Affected Products

Windows Server 2003

Windows Services For Unix

Windows Xp

Telnet

PT-2005-2221 · Microsoft · Windows Server 2003+3

CVE-2005-1205

Related Identifiers

Affected Products

References · 10