Lucene search

GoogleOSV:DSA-638-1

HistoryJan 13, 2005 - 12:00 a.m.

gopher - several

2005-01-1300:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

83.9%

JSON

“jaguar” has discovered two security relevant problems in gopherd, the
Gopher server in Debian which is part of the gopher package. The
Common Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CAN-2004-0560
An integer overflow can happen when posting content of a specially
calculated size.
CAN-2004-0561
A format string vulnerability has been found in the log routine.

For the stable distribution (woody) these problems have been fixed in
version 3.0.3woody2.

The unstable distribution (sid) does not contain a gopherd package.
It has been replaced by Pygopherd.

We recommend that you upgrade your gopherd package.

CPENameOperatorVersion
gophereq3.0.3woody1

CPE	Name	Operator	Version
	gopher	eq	3.0.3woody1

References

www.debian.org/security/2005/dsa-638

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

83.9%

JSON

Related for OSV:DSA-638-1