UMN Gopherd 2.x Remote Root Buffer Overflow Vulnerability

BID:1569

Info

Bugtraq ID: 1569
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: Yes
Published: Aug 10 2000 12:00AM
Updated: Aug 10 2000 12:00AM
Credit: Disclosed in an advisory by Guardent (A0208102000) on August 10, 2000.
Vulnerable: University of Minnesota gopherd 2.3.1
- Debian Linux 2.1
- Mandriva Linux Mandrake 7.1
- Redhat Linux 6.2 sparc
- Redhat Linux 6.2 i386
- Redhat Linux 6.2 alpha
- SuSE Linux 7.0
University of Minnesota gopherd 2.3
- Debian Linux 2.1
- Mandriva Linux Mandrake 7.1
- Redhat Linux 6.2 sparc
- Redhat Linux 6.2 i386
- Redhat Linux 6.2 alpha
- SuSE Linux 7.0
Not Vulnerable:

Discussion

University of Minnesota gopherd 2.x contains a buffer overflow vulnerability that could result in a remote root compromise of a targeted host. The problem lies in the generation of a Gopher DES key (GDESKey), which gopherd performs when the server receives an instruction from a client to decode a ticket of the form "* [username] [ticket]".

Exploit / POC

This vulnerability is exploitable, according to the advisory released by Guardent. Exploit code has not been received.

Solution / Fix

Solution:
The previous patch released by Guardent (gopherd2x.patch) patched the discussed vulnerability but introduced another buffer overflow condition. New patches are available.


University of Minnesota gopherd 2.3

University of Minnesota gopherd 2.3.1
