telnet: A client program for the telnet remote login protocol
----------------------------------------------------------------------
File: telnet-1.0-530.i586.rpm
Patchrpm: telnet-1.0-530.i586.patch.rpm
Version: 1.0-530
Size: 47 kB
Patchsize: 45 kB
Date: Wed 08 Jun 2005 18:17:6 CEST
Source: telnet-1.0-530.src.rpm
Security: Yes
----------------------------------------------------------------------
Description: The telnet client protocol can be abused by a malicious server to read the
environment of the client site. The information can be used as preparation for
further attacks. This bug can also be exploited by using the telnet:// URL on
a web-site and letting the web-browser fork a telnet client.
This bug was reported by iDEFENSE [IDEF0865].
Note that this patch changes the behaviour of the telnet client regarding the
rule of exported environment variables. Please consult the man page for further
details.