Information Disclosure Vulnerability in Telnet Client

Reported June 14, 2005 by Microsoft

VERSIONS AFFECTED

           

Windows 2000
Windows XP
Windows Server 2003
Microsoft Windows Services for UNIX

DESCRIPTION

Microsoft Telnet client contains an information disclosure vulnerability that could allow an intruder to read session variables of users connected to a Telnet server.

VENDOR RESPONSE

Microsoft released a security bulletin, Vulnerability in Telnet Client Could Allow Information Disclosure (896428), and an associated patch to correct the problem.

CREDITS

Gaël Delalleau and iDEFENSE reported the vulnerability