CVE-2003-0805
published 2003-10-06CVE-2003-0805: Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a…
PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.84%
90.9th percentile
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gopher | < gopher 3.0.6 (bookworm) | gopher 3.0.6 (bookworm) |
| university_of_minnesota | gopher | >= 0 < 3.0.6 | 3.0.6 |
| university_of_minnesota | gopher | >= 0 < 3.0.6 | 3.0.6 |
| university_of_minnesota | gopher | >= 0 < 3.0.6 | 3.0.6 |
| university_of_minnesota | gopher | >= 0 < 3.0.6 | 3.0.6 |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
| university_of_minnesota | gopherd | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5qmr-w3f3-wh84: Multiple buffer overflows in UMN gopher daemon (gopherd) 2
ghsa_unreviewed·2022-04-29
CVE-2003-0805 [HIGH] GHSA-5qmr-w3f3-wh84: Multiple buffer overflows in UMN gopher daemon (gopherd) 2
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
OSV
CVE-2003-0805: Multiple buffer overflows in UMN gopher daemon (gopherd) 2
osv·2003-10-06·CVSS 7.5
CVE-2003-0805 [HIGH] CVE-2003-0805: Multiple buffer overflows in UMN gopher daemon (gopherd) 2
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
Debian
CVE-2003-0805: gopher - Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0....
vendor_debian·2003·CVSS 7.5
CVE-2003-0805 [HIGH] CVE-2003-0805: gopher - Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0....
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
Scope: local
bookworm: resolved (fixed in 3.0.6)
bullseye: resolved (fixed in 3.0.6)
forky: resolved (fixed in 3.0.6)
sid: resolved (fixed in 3.0.6)
trixie: resolved (fixed in 3.0.6)
No detection rules found.
Exploit-DB
University of Minnesota Gopherd 2.0.x/2.3/3.0.x - FTP Gateway Buffer Overflow
exploitdb·2003-07-11
CVE-2003-0805 University of Minnesota Gopherd 2.0.x/2.3/3.0.x - FTP Gateway Buffer Overflow
University of Minnesota Gopherd 2.0.x/2.3/3.0.x - FTP Gateway Buffer Overflow
---
// source: https://www.securityfocus.com/bid/8167/info
It has been reported that the FTP gateway component within the gopherd server is prone to a buffer overflow vulnerability. This vulnerability may be present due to a failure to perform bounds checking when processing long filenames returned from the FTP LIST command. This could permit code execution in the context of the software.
/*[ UMN gopherd[2.x.x/3.x.x]: remote "ftp gateway" buffer overflow. ]*
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* three years since last audit, code is a little more secure. but, *
* still found a few potentially exploitable situations. this *
* exploits the "ftp gateway" feature of gopherd. the
Exploit-DB
University of Minnesota Gopherd 2.0.x/2.3/3.0.x - GSisText Buffer Overflow
exploitdb·2003-07-11
CVE-2003-0805 University of Minnesota Gopherd 2.0.x/2.3/3.0.x - GSisText Buffer Overflow
University of Minnesota Gopherd 2.0.x/2.3/3.0.x - GSisText Buffer Overflow
---
// source: https://www.securityfocus.com/bid/8168/info
It has been reported that there is a buffer overflow condition present in gopherd that may be exploited remotely to execute arbitrary code. The affected component is said to be used for determining view-types for gopher objects.
/*[ UMN gopherd[2.x.x/3.x.x]: remote GSisText()/view buffer overflow. ]*
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* three years since last audit, code is a little more secure. but, *
* still found a few potentially exploitable situations. this *
* exploits the GSisText() object function in gopherd. the function *
* is used in determining view-type. the function does not check the *
* length of the st
No writeups or analysis indexed.
2003-10-06
Published