Intrusion Prevention

MS.Telnet.Client.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in multiple vendor's Telnet clients.
The vulnerability is caused by an error in the software when handles malicious server commands. It may allow remote attackers to gain sensitive information from vulnerable systems.

Affected Products

Microsoft Telnet Client 5.1.2600.2180, Kerberos V5 Release 1.3.6 package, netkit-telnet package for all versions of RedHat Linux and possibly telnet clients in others distributions.

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the appropriate patch from the vendors.
For Microsoft Windows apply the security patch to the system as given in the Microsoft Security Bulletin MS05-033.

CVE References

CVE-2005-1205