VULHUB ™

There is a buffer overflow vulnerability in gopherd 2.x versions (by University of Minnesota) which could result in a remote root compromise of a targetted host. The problem lies in the generation of a Gopher DES Key (GDESKey), done by gopherd when the server receives an instruction to decode a ticket of the form "* [username] [ticket]" from a client.

There is a buffer overflow vulnerability in gopherd 2.x versions (by University of Minnesota) which could result in a remote root compromise of a targetted host. The problem lies in the generation of a Gopher DES Key (GDESKey), done by gopherd when the server receives an instruction to decode a ticket of the form "* [username] [ticket]" from a client.