Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | <= < 14.8.1 |
| n/a | n/a | < 232afc74a6dde0fe1830988e5827921f5ec9bb3f |