漏洞信息详情
University of Minnesota GopherD Do_Command缓冲区溢出漏洞
- CNNVD编号:CNNVD-200310-018
- 危害等级: 高危
- CVE编号: CVE-2003-0805
- 漏洞类型: 缓冲区溢出
- 发布时间: 2003-10-06
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: university_of_minnesota
- 漏洞来源: Discovery credited...
漏洞简介
UMN gopher daemon (gopherd)3.0.6之前的2.x和3.x版本存在多个缓冲区溢出漏洞。攻击者借助(1)超长文件名作为LIST命令的结果,和(2)计算view-type的GSisText函数执行任意代码。
漏洞公告
The maintainer has responded to advise users to migrate to PyGopherd, as UMN gohperd has been removed from distribution and is no longer supported. Debian has released an advisory (DSA 387-1) and fixes for this issue. See the referenced advisory for links to fixed packages. University of Minnesota gopherd 3.0.3
- Debian gopher_3.0.3woody1_arm.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_arm.deb
- Debian gopher_3.0.3woody1_hppa.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_hppa.deb
- Debian gopher_3.0.3woody1_i386.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_i386.deb
- Debian gopher_3.0.3woody1_m68k.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_m68k.deb
- Debian gopher_3.0.3woody1_mips.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_mips.deb
- Debian gopher_3.0.3woody1_mipsel.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_mipsel.deb
- Debian gopher_3.0.3woody1_powerpc.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_powerpc.deb
- Debian gopher_3.0.3woody1_s390.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_s390.deb
- Debian gopher_3.0.3woody1_sparc.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_sparc.deb
- Debian gopherd_3.0.3woody1_alpha.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_alpha.deb
- Debian gopherd_3.0.3woody1_arm.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_arm.deb
- Debian gopherd_3.0.3woody1_hppa.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_hppa.deb
- Debian gopherd_3.0.3woody1_i386.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_i386.deb
- Debian gopherd_3.0.3woody1_m68k.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_m68k.deb
- Debian gopherd_3.0.3woody1_mips.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_mips.deb
- Debian gopherd_3.0.3woody1_mipsel.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_mipsel.deb
- Debian gopherd_3.0.3woody1_powerpc.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_powerpc.deb
- Debian gopherd_3.0.3woody1_s390.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_s390.deb
- Debian gopherd_3.0.3woody1_sparc.deb http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woo dy1_sparc.deb
- Debian gopher_3.0.3woody1_alpha.deb http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3wood y1_alpha.deb
参考网址
来源: DEBIAN 名称: DSA-387 链接:http://www.debian.org/security/2003/dsa-387 来源: BUGTRAQ 名称: 20030818 FW: [gopher] UMN Gopher 3.0.6 released 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106123498310717&w=2 来源: BUGTRAQ 名称: 20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105804485302211&w=2
受影响实体
- University_of_minnesota Gopherd:3.0.0
- University_of_minnesota Gopherd:3.0.1
- University_of_minnesota Gopherd:2.3.1
- University_of_minnesota Gopherd:2.3
- University_of_minnesota Gopherd:2.0.4
补丁
暂无
评论