ID |
CVE-2005-2772
|
Summary |
Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 11-07-2017 - 01:32) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 14693 | bugtraq | 20050901 UMN gopher[v3.0.9+] multiple(2) client buffer overflows. | cert-vn | VU#619812 | debian | DSA-832 | secunia | | xf | umn-gopher-vifromline-bo(22053) |
|
Last major update |
11-07-2017 - 01:32 |
Published |
02-09-2005 - 23:03 |
Last modified |
11-07-2017 - 01:32 |