- --------------------------------------------------------------------------
Debian Security Advisory DSA 387-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
September 18th, 2003                     Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : gopher
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0805

gopherd, a gopher server from the University of Minnesota, contains a
number of buffer overflows which could be exploited by a remote
attacker to execute arbitrary code with the privileges of the gopherd
process (the "gopher" user by default).

For the stable distribution (woody) this problem has been fixed in
version 3.0.3woody1.

This program has been removed from the unstable distribution (sid).
gopherd is deprecated, and users are recommended to use PyGopherd instead.

We recommend that you update your gopherd package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      552 76894dc1222e79774f40224324f0ad7f
      
      Size/MD5 checksum:   508417 06bc48d36dc86d7b16ff4d3127e6af6b

  Alpha architecture:

      
      Size/MD5 checksum:   151236 5218f20b73cf27e24caf8fc096ee6b91
      
      Size/MD5 checksum:   119994 3c11c4950de29f3f9b9657be7280659f

  ARM architecture:

      
      Size/MD5 checksum:   114484 8ee45328aae7009263c4032671b7bf56
      
      Size/MD5 checksum:    98494 1890c8e32bd42994a9a1d3042d110e86

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   112374 6b57793273a1bad97d0640a8d01e14b9
      
      Size/MD5 checksum:    96740 f8ed5c064754ed584a31eaf1b100825e

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   173530 e6a1b592a571aed9ffaba35068a0495e
      
      Size/MD5 checksum:   139634 64803a5dd1dff2e88fcfc68f6ef9ee11

  HP Precision architecture:

      
      Size/MD5 checksum:   129748 b5c718e641270c8e1b589135c509a4d5
      
      Size/MD5 checksum:   109600 efcf89e4af0d362d879f24e588883e26

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   105664 82e0ef414d07be4eea0cb1f747968575
      
      Size/MD5 checksum:    91786 718d9631c2d1824d6e8ef631eadfeb78

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   130662 ab224c0de3c08876d55a1f93f2830190
      
      Size/MD5 checksum:   109360 0a74a8980e0878a7828c2c2466e5d790

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   130674 1d585c488b273c8bf91399ffb881ed26
      
      Size/MD5 checksum:   109308 aad80866bf9d615a079f70080e4b7c9f

  PowerPC architecture:

      
      Size/MD5 checksum:   120924 8b5741c2db865625ff6ed00087d77fa0
      
      Size/MD5 checksum:   102660 e51128248e56bb60eab6ab4a2974e3d8

  IBM S/390 architecture:

      
      Size/MD5 checksum:   116154 117945606232036f793a9949b9ac0141
      
      Size/MD5 checksum:    99710 e7e3cb0d53b024d13be36af41fcf9994

  Sun Sparc architecture:

      
      Size/MD5 checksum:   121790 2f6db0257015d8a42230e3e8e95f9f28
      
      Size/MD5 checksum:   102074 dcfd0b3412c55d9d8f911c9f9204fd08

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/amg8ArxCt0PiXR4RAjgVAJ4rEWwah7TfSESBC07AutN6k7z4MQCeP2EH
51x1gPLs80Tyv9ol9Pr1ogY=bSRw
-----END PGP SIGNATURE-----

Debian: gopher Remote buffer overflow vulnerability

September 19, 2003
gopherd, a gopher server from the University of Minnesota, contains anumber of buffer overflows which could be exploited by a remoteattacker to execute arbitrary code with the priv...

Summary

gopherd, a gopher server from the University of Minnesota, contains a
number of buffer overflows which could be exploited by a remote
attacker to execute arbitrary code with the privileges of the gopherd
process (the "gopher" user by default).

For the stable distribution (woody) this problem has been fixed in
version 3.0.3woody1.

This program has been removed from the unstable distribution (sid).
gopherd is deprecated, and users are recommended to use PyGopherd instead.

We recommend that you update your gopherd package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 552 76894dc1222e79774f40224324f0ad7f

Size/MD5 checksum: 508417 06bc48d36dc86d7b16ff4d3127e6af6b

Alpha architecture:


Size/MD5 checksum: 151236 5218f20b73cf27e24caf8fc096ee6b91

Size/MD5 checksum: 119994 3c11c4950de29f3f9b9657be7280659f

ARM architecture:


Size/MD5 checksum: 114484 8ee45328aae7009263c4032671b7bf56

Size/MD5 checksum: 98494 1890c8e32bd42994a9a1d3042d110e86

Intel IA-32 architecture:


Size/MD5 checksum: 112374 6b57793273a1bad97d0640a8d01e14b9

Size/MD5 checksum: 96740 f8ed5c064754ed584a31eaf1b100825e

Intel IA-64 architecture:


Size/MD5 checksum: 173530 e6a1b592a571aed9ffaba35068a0495e

Size/MD5 checksum: 139634 64803a5dd1dff2e88fcfc68f6ef9ee11

HP Precision architecture:


Size/MD5 checksum: 129748 b5c718e641270c8e1b589135c509a4d5

Size/MD5 checksum: 109600 efcf89e4af0d362d879f24e588883e26

Motorola 680x0 architecture:


Size/MD5 checksum: 105664 82e0ef414d07be4eea0cb1f747968575

Size/MD5 checksum: 91786 718d9631c2d1824d6e8ef631eadfeb78

Big endian MIPS architecture:


Size/MD5 checksum: 130662 ab224c0de3c08876d55a1f93f2830190

Size/MD5 checksum: 109360 0a74a8980e0878a7828c2c2466e5d790

Little endian MIPS architecture:


Size/MD5 checksum: 130674 1d585c488b273c8bf91399ffb881ed26

Size/MD5 checksum: 109308 aad80866bf9d615a079f70080e4b7c9f

PowerPC architecture:


Size/MD5 checksum: 120924 8b5741c2db865625ff6ed00087d77fa0

Size/MD5 checksum: 102660 e51128248e56bb60eab6ab4a2974e3d8

IBM S/390 architecture:


Size/MD5 checksum: 116154 117945606232036f793a9949b9ac0141

Size/MD5 checksum: 99710 e7e3cb0d53b024d13be36af41fcf9994

Sun Sparc architecture:


Size/MD5 checksum: 121790 2f6db0257015d8a42230e3e8e95f9f28

Size/MD5 checksum: 102074 dcfd0b3412c55d9d8f911c9f9204fd08

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/amg8ArxCt0PiXR4RAjgVAJ4rEWwah7TfSESBC07AutN6k7z4MQCeP2EH
51x1gPLs80Tyv9ol9Pr1ogY=bSRw
-----END PGP SIGNATURE-----






Severity
Package : gopher
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0805

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved