Rapid7 Vulnerability & Exploit Database

SuSE: telnet 1.0-530

Back to Search

SuSE: telnet 1.0-530

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
01/01/2005
Created
07/25/2018
Added
11/08/2005
Modified
11/18/2015

Description

The telnet client protocol can be abused by a malicious server to read the environment of the client site. The information can be used as preparation for further attacks. This bug can also be exploited by using the telnet:// URL on a web-site and letting the web-browser fork a telnet client. This bug was reported by iDEFENSE [IDEF0865]. Note that this patch changes the behaviour of the telnet client regarding the rule of exported environment variables. Please consult the man page for further details.

Solution(s)

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;