Debian: gopher Remote buffer overflow vulnerability

    Date19 Sep 2003
    CategoryDebian
    2166
    Posted ByLinuxSecurity Advisories
    gopherd, a gopher server from the University of Minnesota, contains anumber of buffer overflows which could be exploited by a remoteattacker to execute arbitrary code with the privileges of the gopherdprocess.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 387-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    September 18th, 2003                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : gopher
    Vulnerability  : buffer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0805
    
    gopherd, a gopher server from the University of Minnesota, contains a
    number of buffer overflows which could be exploited by a remote
    attacker to execute arbitrary code with the privileges of the gopherd
    process (the "gopher" user by default).
    
    For the stable distribution (woody) this problem has been fixed in
    version 3.0.3woody1.
    
    This program has been removed from the unstable distribution (sid).
    gopherd is deprecated, and users are recommended to use PyGopherd instead.
    
    We recommend that you update your gopherd package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.dsc
          Size/MD5 checksum:      552 76894dc1222e79774f40224324f0ad7f
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.tar.gz
          Size/MD5 checksum:   508417 06bc48d36dc86d7b16ff4d3127e6af6b
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_alpha.deb
          Size/MD5 checksum:   151236 5218f20b73cf27e24caf8fc096ee6b91
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_alpha.deb
          Size/MD5 checksum:   119994 3c11c4950de29f3f9b9657be7280659f
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_arm.deb
          Size/MD5 checksum:   114484 8ee45328aae7009263c4032671b7bf56
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_arm.deb
          Size/MD5 checksum:    98494 1890c8e32bd42994a9a1d3042d110e86
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_i386.deb
          Size/MD5 checksum:   112374 6b57793273a1bad97d0640a8d01e14b9
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_i386.deb
          Size/MD5 checksum:    96740 f8ed5c064754ed584a31eaf1b100825e
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_ia64.deb
          Size/MD5 checksum:   173530 e6a1b592a571aed9ffaba35068a0495e
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_ia64.deb
          Size/MD5 checksum:   139634 64803a5dd1dff2e88fcfc68f6ef9ee11
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_hppa.deb
          Size/MD5 checksum:   129748 b5c718e641270c8e1b589135c509a4d5
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_hppa.deb
          Size/MD5 checksum:   109600 efcf89e4af0d362d879f24e588883e26
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_m68k.deb
          Size/MD5 checksum:   105664 82e0ef414d07be4eea0cb1f747968575
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_m68k.deb
          Size/MD5 checksum:    91786 718d9631c2d1824d6e8ef631eadfeb78
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mips.deb
          Size/MD5 checksum:   130662 ab224c0de3c08876d55a1f93f2830190
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mips.deb
          Size/MD5 checksum:   109360 0a74a8980e0878a7828c2c2466e5d790
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mipsel.deb
          Size/MD5 checksum:   130674 1d585c488b273c8bf91399ffb881ed26
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mipsel.deb
          Size/MD5 checksum:   109308 aad80866bf9d615a079f70080e4b7c9f
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_powerpc.deb
          Size/MD5 checksum:   120924 8b5741c2db865625ff6ed00087d77fa0
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_powerpc.deb
          Size/MD5 checksum:   102660 e51128248e56bb60eab6ab4a2974e3d8
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_s390.deb
          Size/MD5 checksum:   116154 117945606232036f793a9949b9ac0141
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_s390.deb
          Size/MD5 checksum:    99710 e7e3cb0d53b024d13be36af41fcf9994
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_sparc.deb
          Size/MD5 checksum:   121790 2f6db0257015d8a42230e3e8e95f9f28
         http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_sparc.deb
          Size/MD5 checksum:   102074 dcfd0b3412c55d9d8f911c9f9204fd08
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    
    iD8DBQE/amg8ArxCt0PiXR4RAjgVAJ4rEWwah7TfSESBC07AutN6k7z4MQCeP2EH
    51x1gPLs80Tyv9ol9Pr1ogY=
    =bSRw
    -----END PGP SIGNATURE-----
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.