Debian Security Advisory
DSA-387-1 gopher -- buffer overflows
- Date Reported:
- 18 Sep 2003
- Affected Packages:
- gopher
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 8167, BugTraq ID 8168, BugTraq ID 8283.
In Mitre's CVE dictionary: CVE-2003-0805. - More information:
-
gopherd, a gopher server from the University of Minnesota, contains a number of buffer overflows which could be exploited by a remote attacker to execute arbitrary code with the privileges of the gopherd process (the "gopher" user by default).
For the stable distribution (woody) this problem has been fixed in version 3.0.3woody1.
This program has been removed from the unstable distribution (sid). gopherd is deprecated, and users are recommended to use PyGopherd instead.
We recommend that you update your gopherd package.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.dsc
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.tar.gz
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.