Vulnerability Note VU#619812
UMN Gopher vulnerable to buffer overflow via overly long "+VIEWS:"
Overview
The University of Minnesota Gopher client may be vulnerable to a buffer overflow when handling overly long "+VIEWS:" reply messages sent from a malicious server.
Description
The UMN Gopher suite includes a Gopher client for navigating Gopherspace. However, the Gopher client may incorrectly handle a reply message from the server with overly long "+VIEWS:" content. The VIfromLine() function contains a boundary error when copying input to a buffer on the stack, which may cause a stack-based buffer overflow condition. Successful exploitation may allow remote arbitrary code execution. If the user is running the gopher client with elevated privileges, the system may be compromised to the point of the attacking taking total control. |
Impact
A remote unauthenticated attacker may be able to execute arbitrary code on the remote system by convincing the user to follow a gopher link. |
Solution
Disable Gopher support |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| UMN Gopher | Affected | - | 01 Sep 2005 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
Thanks to vade79 for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
- CVE IDs: Unknown
- Date Public: 30 Aug 2005
- Date First Published: 02 Sep 2005
- Date Last Updated: 02 Sep 2005
- Severity Metric: 1.27
- Document Revision: 3
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.