UMN Gopherd 2.x Remote Root Buffer Overflow Vulnerability

There is a buffer overflow vulnerability in gopherd 2.x versions (by University of Minnesota) which could result in a remote root compromise of a targetted host. The problem lies in the generation of a Gopher DES Key (GDESKey), done by gopherd when the server receives an instruction to decode a ticket of the form "* [username] [ticket]" from a client.


 

Privacy Statement
Copyright 2010, SecurityFocus