Microsoft Telnet Client Vulnerability (MS05-033)
| Attack ID: | CPAI-2005-102 |
| Publish Date: | |
| Category: | Microsoft Windows networks |
| Vulnerable Systems: | Microsoft Windows XP SP1, Service Pack 2; Microsoft Windows XP 64-Bit Edition SP1; Microsoft Windows XP Professional x64 Edition; Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1; Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems; Microsoft Windows Server 2003 x64 Edition; Microsoft Windows Services for UNIX 3.5 when running on Windows 2000; Microsoft Windows Services for UNIX 3.0 when running on Windows 2000; Microsoft Windows Services for UNIX 2.2 when running on Windows 2000 |
| Source: | Microsoft Security Bulletin MS05-033 |
| Description: | The TELNET protocol allows a computer to act as a remote terminal of another machine on a network. An information disclosure vulnerability exists in the Telnet client program shipped with Microsoft Windows. To trigger this vulnerability, an attacker can persuade a target user to connect to a malicious server with the vulnerable program. An attacker who successfully exploited this vulnerability could gain information about users who have open connections to a malicious Telnet server. |
| Severity: | |
| Details: | The TELNET protocol specifies a mechanism for exchanging environment variables between a client and server, negotiated through the NEW-ENVIRON option code. The Telnet client on the affected Microsoft systems allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option, which may enable an attacker to remotely read the environment variables of the user who connects to the malicious server. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will identify the following SmartView Tracker log entries: Attack Name: "Telnet Enforcement Violation"; Attack Information: "NEW-ENVIRON command blocked". Users of VPN-1 NG with Application Intelligence R55 will identify rule 9923 on the SmartView Tracker screen. |
| Solution: | Users of VPN-1 NG with Application Intelligence R55, R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking the Online Update (R55 - Update Now) button on the SmartDefense General window. By enabling this protection, SmartDefense will block the potentially malicious NEW-ENVIRON command on all server-side Telnet connections. To enable the Protection: 1. On the SmartDefense navigation tree, click Application Intelligence > TELNET and enable Environment Disclosure Protection. 2. Install security policy on all modules. |
| Industry Reference: | CAN-2005-1205 |
| Additional Information: | This Update includes a fix to the IKE enforcement Protection. For more information about this protection, please refer to CPSA-2005-06. Also included in this Update is a fix to the Witty Worm Protection for users of InterSpect. For more information about this protection, please refer to CPAI-2004-14. |
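
The Details and Attack Detection rows describe a server using the NEW-ENVIRON option to ask a client for its environment variables, and a protection that blocks that command. The following is an added example, not Check Point or Microsoft code: it parses the server-to-client half of a Telnet session and reports each NEW-ENVIRON SEND request. Byte values are taken from RFC 854 and RFC 1572; the function names and the sample stream are constructed for illustration.

```python
# Added example. Byte values: RFC 854 (Telnet) and RFC 1572 (NEW-ENVIRON).
IAC, SB, SE, NEW_ENVIRON, SEND = 255, 250, 240, 39, 1
WILL, WONT, DO, DONT = 251, 252, 253, 254
VAR, ESC, USERVAR = 0, 2, 3
TYPE_NAMES = {VAR: "VAR", USERVAR: "USERVAR"}

def subnegotiations(stream: bytes):
    """Yield (option, payload) for every complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i + 2 < n:
        cmd = stream[i + 1]
        if stream[i] != IAC or cmd != SB:
            # skip a data byte (1), a negotiation verb (3), or IAC IAC / other command (2)
            i += 1 if stream[i] != IAC else 3 if cmd in (WILL, WONT, DO, DONT) else 2
            continue
        option, payload, j = stream[i + 2], bytearray(), i + 3
        while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
            if stream[j] == IAC and stream[j + 1] == IAC:
                j += 1  # IAC IAC is an escaped 0xFF data byte
            payload.append(stream[j])
            j += 1
        if j + 1 < n:  # complete block; an unterminated one waits for more data
            yield option, bytes(payload)
        i = j + 2

def requested_variables(payload: bytes):
    """Return [(type, name)] for a SEND payload, or None if it is not SEND."""
    if not payload or payload[0] != SEND:
        return None
    out, k = [], 1
    while k < len(payload):
        kind, k = TYPE_NAMES.get(payload[k], "UNKNOWN"), k + 1
        name = bytearray()
        while k < len(payload) and payload[k] not in (VAR, USERVAR):
            if payload[k] == ESC and k + 1 < len(payload):
                k += 1  # ESC protects a literal type byte inside a name
            name.append(payload[k])
            k += 1
        out.append((kind, name.decode("latin-1")))
    return out

def detect_environ_requests(server_stream: bytes):
    """One list per NEW-ENVIRON SEND seen; an empty list means 'send everything'."""
    return [req for opt, p in subnegotiations(server_stream) if opt == NEW_ENVIRON
            and (req := requested_variables(p)) is not None]

# Constructed sample: DO NEW-ENVIRON, then SEND VAR "USER" USERVAR "EXAMPLE_VAR".
SAMPLE = (bytes([IAC, DO, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, SEND, VAR]) + b"USER"
          + bytes([USERVAR]) + b"EXAMPLE_VAR" + bytes([IAC, SE]) + b"login: ")
```

Calling `detect_environ_requests(SAMPLE)` returns one entry listing both requested variables; a SEND with no variable list is reported as an empty list because it asks the client for its whole environment.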