CVE-2005-2772

University of Minnesota gopher client 3.0.9 - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vade79 · clocallinux

https://www.exploit-db.com/exploits/1187

View Code ZIP pw:eip

References (7)

[Mailing List] http://marc.info/?l=bugtraq&m=112559902931614&w=2

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/619812

[Third Party Advisory] http://www.debian.org/security/2005/dsa-832

[Exploit] http://www.securityfocus.com/bid/14693

[Third Party Advisory] http://secunia.com/advisories/16614/

[Third Party Advisory] http://secunia.com/advisories/17016

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22053

Scores

EPSS 0.3313

EPSS Percentile 96.9%

Details

Status published

Products (1)

university_of_minnesota/gopher 3.0.9

Published Sep 02, 2005

Tracked Since Feb 18, 2026