MidnightBSD

Advisories for university_of_minnesota

CVE-1999-0124 HIGH

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopherd *
CVE-2000-0743 HIGH

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopherd 2.3
university_of_minnesota gopherd 2.3.1
CVE-2002-0371 HIGH

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft internet_explorer 5.5
microsoft internet_explorer 5.0.1
microsoft internet_explorer 6.0
microsoft isa_server 2000
university_of_minnesota gopher *
microsoft proxy_server 2.0
CVE-2003-0805 HIGH

Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopherd 2.0.3
university_of_minnesota gopherd 3.0.0
university_of_minnesota gopherd 3.0.2
university_of_minnesota gopherd 2.3
university_of_minnesota gopherd 2.3.1
university_of_minnesota gopherd 3.0.1
university_of_minnesota gopherd 2.0.4
university_of_minnesota gopherd 3.0.4
university_of_minnesota gopherd 3.0.5
university_of_minnesota gopherd 3.0.3
CVE-2004-0560 HIGH

Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopherd 3.0.3
CVE-2004-0561 HIGH

Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopherd 3.0.3
CVE-2005-1853 HIGH

gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopher 3.0.5
CVE-2005-2772 HIGH

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_minnesota gopher 3.0.9