-
June 5th, 2002, 03:37 PM
#1
IE Gopher Vulnerability
gopher...gopher...ya you read it right....check out the webopedia link...since many of you were probably wearing diapers when gopher was popular...
INFORMATION ALERT
AN EMERGING ISSUE WITH:
MICROSOFT IE 5.5 AND 6.0 GOPHER ENGINE BUFFER OVERFLOW
SEVERITY:
Medium
DATE:
June 4, 2002
SUMMARY:
In a post to Bugtraq today, Jouko Pynnonen described a buffer
overflow in Microsoft Internet Explorer (IE) 5.5 and 6's Gopher
engine. By sending you an HTML e-mail or enticing you to a malicious
Web site, a hacker could exploit this buffer overflow to run
malicious code on your machine. There is no direct impact on
WatchGuard products. Administrators using IE in their network should
have their clients follow the workaround below until a patch is
available.
EXPOSURE:
Gopher <http://www.webopedia.com/TERM/g/gopher.html> is an old
system used to organize and display files on the Internet, now
outdated by HTML Web technology. Although few people use it
nowadays, IE includes built-in, legacy Gopher support.
In his advisory <http://online.securityfocus.com/arch...75344/2002-06-
01/2002-06-07/0>,
Jouko Pynnonen describes a buffer overflow
<https://www3.watchguard.com/archive/....asp?pack=1188>
found in IE 5.5 and 6's Gopher engine. A hacker could send you an
HTML e-mail or entice you to a Web site that redirects you to his
malicious Gopher server. The malicious server could then send an
overly long string that would cause a buffer overflow in IE's Gopher
engine. A well crafted buffer overflow could execute arbitrary code
on your system, which may result in the hacker taking control of
your computer.
Keep in mind, even if you normally don't use Gopher, the Gopher code
is present within IE. A hacker could craft this attack in a way that
you might unknowingly follow a Gopher link from a Web page or HTML
e-mail, without you realizing you are using Gopher (until it's too
late).
SOLUTION PATH:
Microsoft has not yet released a patch. However, Pynnonen has
supplied a viable workaround. Defining a non-functional proxy for
Gopher prevents IE from downloading any Gopher documents. Here's
how:
* In Internet Explorer click on Tools => Internet Options =>
Connections tab.
* Click the LAN Settings button.
* Check, "Use a proxy server for your LAN" and then click the
Advanced button.
* Under the "Gopher" dialogs, enter 127.0.0.1 as the proxy
server and 1 as the port.
* Click Ok three times to return to IE's normal display.
-- For WatchGuard SOHO Users:
Gopher traffic passes over TCP port 70. You can use your SOHO to
egress filter Gopher traffic. From the SOHO management page, click
the Custom Service link. Input "gopher" as the Service Name and add
TCP port 70 under Protocol Settings. Press the Submit button at the
bottom of the page. Next click Outgoing on the left side of the
page. Scroll down to Custom Services and find your new "gopher"
service. Change the "gopher" service's Filter to "Deny" and press
the Submit button at the bottom of the page. This will protect your
users from this buffer overflow vulnerability. Keep in mind, this
also prevents your users from accessing normal Gopher documents as
well.
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
June 5th, 2002, 03:54 PM
#2
I remeber gopher. That system kicked ass. I think we should dump the internet and go back to using gopher and archie and veronica. I miss the simplicty and the speed.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
June 5th, 2002, 04:07 PM
#3
I think we should dump the internet and go back to using gopher and archie and veronica. I miss the simplicty and the speed.
<shameless plug>
oh...and btw...check out my article in AO Newsletter 3 if you want some more info on what souleman is talking about...
</shameless plug>
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
June 5th, 2002, 10:55 PM
#4
Junior Member
Re: IE Gopher Vulnerability
CodeTek Studios has just released, for free public beta, SafeOffice 1.0 for Windows XP. It is designed to prevent vulnerabilities just like this from being able to cause any damage to your system.
SafeOffice is able to provide an extra layer of security for people running Internet Explorer, Outlook Express, AOL Instant Messenger, and more. And it will prevent these vulnerabilities from being used by an attacker to corrupt your system or to view your private data, even on an unpatched system.
For more information, or to try out the beta for free, go to: http://www.codetek.com/php/beta.php
-
June 5th, 2002, 11:05 PM
#5
talk about shameless plugs...you gonna fork over some cash to JP for that ad?
fyi...regardless of the value of your product...it is highly inappropriate to post such unsolicited material here...
i expect you shall be soundly flamed...so i will step aside now...
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
June 5th, 2002, 11:24 PM
#6
Senior Member
gopher is umm not really used anymore.. anyways, not like most people are in real danger... just wait out for the patch.. unless its out already.. whatever
-
June 5th, 2002, 11:30 PM
#7
Keep in mind, even if you normally don't use Gopher, the Gopher code
is present within IE. A hacker could craft this attack in a way that
you might unknowingly follow a Gopher link from a Web page or HTML
e-mail, without you realizing you are using Gopher (until it's too
late).
not like most people are in real danger... just wait out for the patch.. unless its out already.. whatever
hmmm...not a great way to look a security...do you work for microsoft????
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|