CVE-2003-0805

UMN gopher daemon <3.0.6 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0805. PoCs published by V9.

AI-analyzed exploit summary This exploit targets a buffer overflow in UMN gopherd's GSisText() function, allowing remote code execution via a crafted gopher request. It uses brute-force to guess stack addresses and includes shellcode for a bindshell.

Description

Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.

Exploits (2)

exploitdb WORKING POC VERIFIED
by V9 · cremotelinux
https://www.exploit-db.com/exploits/22894

This exploit targets a buffer overflow in UMN gopherd's GSisText() function, allowing remote code execution via a crafted gopher request. It uses brute-force to guess stack addresses and includes shellcode for a bindshell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: UMN gopherd 2.x.x/3.x.x
No auth needed
Prerequisites: Target running vulnerable gopherd version · Network access to gopher port (70)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by V9 · cremotelinux
https://www.exploit-db.com/exploits/22893

This exploit targets a buffer overflow vulnerability in the UMN gopherd FTP gateway component (CVE-2003-0805). It leverages a long filename in the FTP LIST command to overflow a stack buffer, leading to remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: UMN gopherd 2.x.x/3.x.x
No auth needed
Prerequisites: Root access to bind to port 21 · Target gopherd must have FTP gateway support enabled · Target must be running Linux/x86
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105804485302211&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106123498310717&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-387

Scores

EPSS 0.0485
EPSS Percentile 90.9%

Details

Status published
Products (10)
university_of_minnesota/gopherd 2.0.3
university_of_minnesota/gopherd 2.0.4
university_of_minnesota/gopherd 2.3
university_of_minnesota/gopherd 2.3.1
university_of_minnesota/gopherd 3.0.0
university_of_minnesota/gopherd 3.0.1
university_of_minnesota/gopherd 3.0.2
university_of_minnesota/gopherd 3.0.3
university_of_minnesota/gopherd 3.0.4
university_of_minnesota/gopherd 3.0.5
Published Oct 06, 2003
Tracked Since Feb 18, 2026