CVE-2005-2772

University of Minnesota gopher client 3.0.9 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2772. PoCs published by vade79.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in the Internet Gopher Client (v3.0.9+) via the '+VIEWS:' processing function. It delivers a bindshell payload to achieve remote code execution on the client system.

Description

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vade79 · clocallinux

https://www.exploit-db.com/exploits/1187

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in the Internet Gopher Client (v3.0.9+) via the '+VIEWS:' processing function. It delivers a bindshell payload to achieve remote code execution on the client system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Gopher Client v3.0.9+

No auth needed

Prerequisites: Network access to the target client · Target client must connect to a malicious gopher server

MITRE ATT&CK