Results 1 to 4 of 4

Thread: Unchecked Buffer in Gopher Protocol Handler-Q323759 Security Update

  1. June 13th, 2002, 03:33 AM #1
    sumdumguy
    sumdumguy is offline
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210

    Exclamation Unchecked Buffer in Gopher Protocol Handler-Q323759 Security Update

    Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
    Originally posted: June 11, 2002

    Summary
    Who should read this bulletin: Customers using Microsoft® Internet Explorer; System administrators running Microsoft Internet Security and Acceleration (ISA) Server 2000 or Microsoft Proxy Server 2.0.

    Impact of vulnerability: Run Code of Attacker's Choice.

    Maximum Severity Rating: Critical

    Recommendation: Customers should implement the workaround detailed in the FAQ.

    Affected Software:

    Microsoft Internet Explorer
    Microsoft Proxy Server 2.0
    Microsoft ISA Server 2000

    Patches are under development and will be posted as soon as they are completed

    http://www.microsoft.com/technet/sec...n/MS02-027.asp
    Reply With Quote Reply With Quote
  2. June 13th, 2002, 07:41 PM #2
    micael
    micael is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I dont know if I have to be sad or bad .

    Source: [email protected]

    What classic MS, their newest critical alert dealing with the Gopher Root Vulnerability discussed on Security Focus last week <url> seems to break windows media player.

    Is there any validity to this- and, does their fix work?

    More info on the microsoft critical alert: MS02-027

    More info on the breakage: http://www.pivx.com/workaround_fail.html
    I found a response on the text above..

    Source: [email protected]

    Why would you phrase the question like this when you *are* PivX, know the vulnerability exists, and have your own fix for it?

    I mean, asking "is there any validity to this" seems almost like you are trying to pretend to be an unattached 3rd party-- To me, anyway...

    I would think it would be just fine to say "Hey, here is the problem, we have verified it, and we have a solution.... "

    Of course, feel free to correct me if I am wrong...

    AD
    They do have small flame's in "focus-ms" aswell .
    Reply With Quote Reply With Quote
  3. June 14th, 2002, 12:32 AM #3
    sumdumguy
    sumdumguy is offline
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    what do you say we form a posse and go there and flame away... lol
    Reply With Quote Reply With Quote
  4. June 14th, 2002, 03:22 AM #4
    Palemoon
    Palemoon is offline
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Just goes to show you M$ has no clue as to what gopher was or even why they put it into their OS, oops I think they pay right to use it to the dot edu that invented it, or was it winsock? In short have not allowed gopher on any of my servers as a service since ohooo 1996. Gopher is not new is old, like Archie, Varonica...now JugHead that be M$...then again mention finger in 1996 and newbies thought well cyber sex...LOL...oh never mind ;D I'm all for the possie
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules