Vulnerabilities > CVE-2005-2772 - Remote Buffer Overflow vulnerability in University of Minnesota Gopher 3.0.9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Gopher <= 3.0.9 (+VIEWS) Remote (Client Side) Buffer Overflow Exploit. CVE-2005-2772. Local exploit for linux platform |
id | EDB-ID:1187 |
last seen | 2016-01-31 |
modified | 2005-08-30 |
published | 2005-08-30 |
reporter | vade79 |
source | https://www.exploit-db.com/download/1187/ |
title | Gopher <= 3.0.9 +VIEWS Remote Client Side Buffer Overflow Exploit |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-832.NASL |
description | Several buffer overflows have been discovered in gopher, a text-oriented client for the Gopher Distributed Hypertext protocol, that can be exploited by a malicious Gopher server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19801 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19801 |
title | Debian DSA-832-1 : gopher - buffer overflows |
code |
|
References
- http://marc.info/?l=bugtraq&m=112559902931614&w=2
- http://secunia.com/advisories/16614/
- http://secunia.com/advisories/17016
- http://www.debian.org/security/2005/dsa-832
- http://www.kb.cert.org/vuls/id/619812
- http://www.securityfocus.com/bid/14693
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22053