VID 18073
Severity 40
Port 70
Protocol TCP
Class GOPHER
Detailed Description The gopher server is vulnerable to a buffer overflow.
UMN gopherd is a gopher and gopher+ server, with an HTTP mode as well, designed to serve text and directory objects using the Gopher protocol. Gopherd versions 3.0.5 and earlier are vulnerable to a buffer overflow and a format string vulnerability, caused by improper bounds checking of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable server with the privileges of the gopher daemon.

* References:
http://www.securiteam.com/unixfocus/5FP0L15AKO.html

* Platforms Affected:
University of Minnesota, gopherd versions 3.0.5 and earlier
Linux Any version
Unix Any version
Recommendation For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest gopherd package (3.0.3woody2 or later), as listed in Debian Security Advisory DSA-638-1 at http://www.debian.org/security/2005/dsa-638
Related URL CVE-2004-0560, CVE-2004-0561 (CVE)
Related URL 8157, 12254 (SecurityFocus)
Related URL (ISS)