UMN Gopherd 2.x Halidate Function Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1591/info It is possible to either execute arbitrary code or crash a remote system running University of Minnesota's Gopher Daemon, depending on the data entered. An unchecked buffer exists in the 'halidate' function of...

UMN Gopherd Unauthorized FTP Proxy

The remote host is running a UMN Gopher server. It is possible to make the remote server connect to third party FTP sites by sending the request 'ftp://hostname.of.the.ftp.server'. An attacker may exploit this flaw to connect to use the remote gopher daemon as a proxy to connect to FTP servers...

UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer overflow exploits.

bordom/fun audit time... been awhile since i did an audit of UMNUniversity of Minnesota gopherd+ daemon. figured i would check out the newer v3.0.x series, which has cleaned up the past security issues... while the old issues are resolved, still a few leftovers. two exploits follow... original...

CVE-2000-0743

Buffer overflow vulnerability in University of Minnesota (UMN) gopherd 2.x. A remote attacker can trigger command execution by sending a DES key generation request (GDESkey) that contains a long ticket value. Affected component: gopherd 2.x; root cause: overflow in handling DES key generation req...