CVE-2002-0371

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
low complexity
microsoft
university-of-minnesota
nessus
exploit available

Summary

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

Exploit-DB

description: MS IE 5/6, MS ISA Server 2000, MS Proxy Server 2.0 Gopher Client Buffer Overflow. CVE-2002-0371. Remote exploit for windows platform
id: EDB-ID:21510
last seen: 2016-02-02
modified: 2002-07-27
published: 2002-07-27
reporter: [email protected]
source: https://www.exploit-db.com/download/21510/
title: Microsoft Internet Explorer 5/6, Microsoft ISA Server 2000, Microsoft Proxy Server 2.0 Gopher Client - Buffer Overflow

Nessus

NASL family: Firewalls
NASL id: PROXY_GOPHER.NASL
description: Gopher is an old network protocol which predates HTTP and is nearly unused today. As a result, gopher-compatible software is generally less audited and more likely to contain security bugs than others. By making gopher requests, an attacker may evade your firewall settings, by making connections to port 70, or may even exploit arcane flaws in this protocol to gain more privileges on this host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11305
published: 2003-03-02
reporter: This script is Copyright (C) 2003-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11305
title: HTTP Proxy Open gopher:// Request Relaying
code:
#
# (C) Tenable Network Security, Inc.
#

#
# This script does not check for CVE-2002-0371 per se,
# but references it as an example of an abuse in the gopher
# protocol. MS advisory MS02-027 also suggests disabling
# the gopher protocol handling completely.
#

include("compat.inc");

if (description)
{ 
 script_id(11305);
 script_version("1.24");
 script_cvs_date("Date: 2020/01/02");
 
 script_name(english: "HTTP Proxy Open gopher:// Request Relaying");
 script_summary(english:"Determines if we can use the remote web proxy to do gopher requests");
 
 script_set_attribute(attribute:"synopsis", value:
"The HTTP proxy accepts gopher:// requests.");
 script_set_attribute(attribute:"description", value:
"Gopher is an old network protocol which predates HTTP and is nearly 
unused today. As a result, gopher-compatible software is generally 
less audited and more likely to contain security bugs than others.

By making gopher requests, an attacker may evade your firewall settings,
by making connections to port 70, or may even exploit arcane flaws in 
this protocol to gain more privileges on this host.");
 script_set_attribute(attribute:"solution", value:
"Reconfigure your proxy so that it refuses gopher requests.");
 script_set_attribute(attribute:"risk_factor", value:"None");

 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/02");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2020 Tenable Network Security, Inc.");
 script_family(english:"Firewalls");

 script_dependencie("find_service1.nasl", "proxy_use.nasl");
 script_require_keys("Proxy/usage");
 script_require_ports("Services/http_proxy", 3128, 8080);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

ports = add_port_in_list(list:get_kb_list("Services/http_proxy"), port:3128);
ports = add_port_in_list(list:ports, port:8080);

proxy_use = get_kb_item("Proxy/usage");
if (! proxy_use) exit(0);

foreach port (ports)
{
  rq = http_mk_proxy_request(port: 70, method: "GET", scheme: "gopher", host: get_host_name(), item: "/", version: 10);
  r = http_send_recv_req(port: port, req: rq);
  if (! isnull(r) && r[0] =~ "^HTTP/1\.[01] (200|503) ") security_note(port);
}

OVAL

accepted: 2014-02-24T04:03:28.963-05:00
class: vulnerability
contributors:
  • name: David Proulx
    organization: The MITRE Corporation
  • name: Christine Walzer
    organization: The MITRE Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
description: Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
family: windows
id: oval:org.mitre.oval:def:98
status: accepted
submitted: 2003-11-12T05:00:00.000-04:00
title: Gopher Client Buffer Overflow
version: 66