===================================================================== CERT-Renater Note d'Information No. 2005/VULN382 _____________________________________________________________________ DATE : 15/06/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows XP, Windows Server 2003, systems running Windows Services for UNIX. ====================================================================== http://www.microsoft.com/technet/security/bulletin/MS05-033.mspx MS05-033 - Vulnerability in Telnet Client Could Allow Information Disclosure (896428) - Affected Software: - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP 64-Bit Edition Service Pack 1 (Itanium) - Windows XP 64-Bit Edition Version 2003 (Itanium) - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Windows Services for UNIX 3.5 - Windows Services for UNIX 3.0 - Windows Services for UNIX 2.2 - Impact: Information Disclosure - Version Number: 1.0 - From the Microsoft Security Bulletin MS05-033: Vulnerability Details Telnet Vulnerability - CAN-2005-1205 An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have open connections to a malicious telnet server. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================