oval:org.mitre.oval:def:784

Definition Id: oval:org.mitre.oval:def:784

Oval ID:	oval:org.mitre.oval:def:784
Title:	Windows 2000 Telnet Environment Disclosure Vulnerability
Description:	The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1205	Version:	3
Platform(s):	Microsoft Windows 2000	Product(s):	Services for UNIX
Definition Synopsis:
Windows 2000 is installed AND NOT the patch KB896428 for Services for UNIX is installed AND Services for UNIX is installed and a vulnerable version of telnet.exe exists Services for UNIX version 2.2 and telnet.exe version less than 5.3000.2073.13 the version of telnet.exe is less than 5.3000.2073.13 AND the software Services for UNIX is installed and the version is 2.2 OR Services for UNIX version 3.0 and telnet.exe version less than 7.0.1701.44 the software Services for UNIX is installed and the version is 3.0 AND the version of telnet.exe is less than 7.0.1701.44 OR Services for UNIX version 3.5 and telnet.exe version less than 8.0.1969.33 the software Services for UNIX is installed and the version is 3.5 AND the version of telnet.exe is less than 8.0.1969.33