漏洞信息详情

University of Minnesota GopherD Do_Command缓冲区溢出漏洞

  • CNNVD编号:CNNVD-200310-018
  • 危害等级: 高危
  • CVE编号: CVE-2003-0805
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2003-10-06
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: university_of_minnesota
  • 漏洞来源: Discovery credited...

漏洞简介

UMN gopher daemon (gopherd)3.0.6之前的2.x和3.x版本存在多个缓冲区溢出漏洞。攻击者借助(1)超长文件名作为LIST命令的结果,和(2)计算view-type的GSisText函数执行任意代码。

漏洞公告

The maintainer has responded to advise users to migrate to PyGopherd, as UMN gohperd has been removed from distribution and is no longer supported. Debian has released an advisory (DSA 387-1) and fixes for this issue. See the referenced advisory for links to fixed packages. University of Minnesota gopherd 3.0.3

参考网址

来源: DEBIAN 名称: DSA-387 链接:http://www.debian.org/security/2003/dsa-387 来源: BUGTRAQ 名称: 20030818 FW: [gopher] UMN Gopher 3.0.6 released 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106123498310717&w=2 来源: BUGTRAQ 名称: 20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105804485302211&w=2

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多