University of Minnesota Gopher Multiple Remote Vulnerabilities
BID:12254
Info
University of Minnesota Gopher Multiple Remote Vulnerabilities
| Bugtraq ID: | 12254 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jan 13 2005 12:00AM |
| Credit: | "jaguar" is credited with the discovery of this issue. |
| Vulnerable: |
University of Minnesota gopherd 3.0.5 University of Minnesota gopherd 3.0.4 University of Minnesota gopherd 3.0.3 University of Minnesota gopherd 3.0.2 University of Minnesota gopherd 3.0.1 University of Minnesota gopherd 3.0 .0 |
| Not Vulnerable: | |
Discussion
University of Minnesota Gopher Multiple Remote Vulnerabilities
Multiple remote vulnerabilities affect Gopher. These issues are due to a failure of the application to properly sanitize user-supplied data and a failure to verify input sizes.
The first issue is an integer overflow, the second issue is a format string vulnerability.
An attacker may leverage these issues to crash the affected daemon. These issues may also be leveraged to execute arbitrary code with the privileges of the gopherd process. This may facilitate unauthorized access.
Multiple remote vulnerabilities affect Gopher. These issues are due to a failure of the application to properly sanitize user-supplied data and a failure to verify input sizes.
The first issue is an integer overflow, the second issue is a format string vulnerability.
An attacker may leverage these issues to crash the affected daemon. These issues may also be leveraged to execute arbitrary code with the privileges of the gopherd process. This may facilitate unauthorized access.
Exploit / POC
University of Minnesota Gopher Multiple Remote Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
University of Minnesota Gopher Multiple Remote Vulnerabilities
Solution:
Debian has made advisory DSA 638-1 available along with fixes dealing with these issues. Please see the referenced advisory for more information.
University of Minnesota gopherd 3.0.3
Solution:
Debian has made advisory DSA 638-1 available along with fixes dealing with these issues. Please see the referenced advisory for more information.
University of Minnesota gopherd 3.0.3
-
Debian gopher_3.0.3woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_alpha.deb -
Debian gopher_3.0.3woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_arm.deb -
Debian gopher_3.0.3woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_hppa.deb -
Debian gopher_3.0.3woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_i386.deb -
Debian gopher_3.0.3woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_ia64.deb -
Debian gopher_3.0.3woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_m68k.deb -
Debian gopher_3.0.3woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_mips.deb -
Debian gopher_3.0.3woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_mipsel.deb -
Debian gopher_3.0.3woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_powerpc.deb -
Debian gopher_3.0.3woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_s390.deb -
Debian gopher_3.0.3woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y2_sparc.deb -
Debian gopherd_3.0.3woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_alpha.deb -
Debian gopherd_3.0.3woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_arm.deb -
Debian gopherd_3.0.3woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_hppa.deb -
Debian gopherd_3.0.3woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_i386.deb -
Debian gopherd_3.0.3woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_ia64.deb -
Debian gopherd_3.0.3woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_m68k.deb -
Debian gopherd_3.0.3woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_mips.deb -
Debian gopherd_3.0.3woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_mipsel.deb -
Debian gopherd_3.0.3woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_powerpc.deb -
Debian gopherd_3.0.3woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_s390.deb -
Debian gopherd_3.0.3woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy2_sparc.deb
References
University of Minnesota Gopher Multiple Remote Vulnerabilities
References:
References:
- Computer Science & Engineering (University Of Minnesota)