Results 1 to 4 of 4

Thread: Unchecked Buffer in Gopher Protocol Handler-Q323759 Security Update

  1. #1
    Senior Member
    Join Date
    Feb 2002

    Exclamation Unchecked Buffer in Gopher Protocol Handler-Q323759 Security Update

    Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
    Originally posted: June 11, 2002

    Who should read this bulletin: Customers using Microsoft® Internet Explorer; System administrators running Microsoft Internet Security and Acceleration (ISA) Server 2000 or Microsoft Proxy Server 2.0.

    Impact of vulnerability: Run Code of Attacker's Choice.

    Maximum Severity Rating: Critical

    Recommendation: Customers should implement the workaround detailed in the FAQ.

    Affected Software:

    Microsoft Internet Explorer
    Microsoft Proxy Server 2.0
    Microsoft ISA Server 2000

    Patches are under development and will be posted as soon as they are completed


  2. #2
    Senior Member
    Join Date
    Nov 2001
    I dont know if I have to be sad or bad .

    Source: focus-ms@securityfocus.com

    What classic MS, their newest critical alert dealing with the Gopher Root Vulnerability discussed on Security Focus last week <url> seems to break windows media player.

    Is there any validity to this- and, does their fix work?

    More info on the microsoft critical alert: MS02-027

    More info on the breakage: http://www.pivx.com/workaround_fail.html
    I found a response on the text above..

    Source: focus-ms@securityfocus.com

    Why would you phrase the question like this when you *are* PivX, know the vulnerability exists, and have your own fix for it?

    I mean, asking "is there any validity to this" seems almost like you are trying to pretend to be an unattached 3rd party-- To me, anyway...

    I would think it would be just fine to say "Hey, here is the problem, we have verified it, and we have a solution.... "

    Of course, feel free to correct me if I am wrong...

    They do have small flame's in "focus-ms" aswell .

  3. #3
    Senior Member
    Join Date
    Feb 2002
    what do you say we form a posse and go there and flame away... lol

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Just goes to show you M$ has no clue as to what gopher was or even why they put it into their OS, oops I think they pay right to use it to the dot edu that invented it, or was it winsock? In short have not allowed gopher on any of my servers as a service since ohooo 1996. Gopher is not new is old, like Archie, Varonica...now JugHead that be M$...then again mention finger in 1996 and newbies thought well cyber sex...LOL...oh never mind ;D I'm all for the possie
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts