This advisory has been sent to:
comp.security.unix
INFOHAX <infohax-emergency@stormking.com>
BUGTRAQ <chasin@crimelab.com>
CERT/CC <cert@cert.org>
Gopher Maintainers <gopher@gopher.tc.umn.edu>
===========================================================================
[8lgm]-Advisory-4.UNIX.gopher.12-Feb-1992
PROGRAM:
gopher(1) (/usr/local/bin/gopher)
UMN gopher client
VULNERABLE OS's:
All versions are believed to have this vulnerability.
DESCRIPTION:
Shell access can be gained from gopher(1), even when running
in secure mode.
IMPACT:
gopher guest accounts are not secure.
REPEAT BY:
This example demonstrates how to use gopher running in secure
mode to gain access to sh. Please do not do this unless you
have permission.

Create or modify a .Links file on any public gopher server,
for example:

    Type=8
    Name=I'll give you a shell
    Host=;/bin/sh
    Port=
    Path=

Log into the gopher account, and access the server and
directory containing the modified .Links file. Select the
"I'll give you a shell" item, and after quitting telnet the
user has access to sh.

It is also possible to create an entry that would not inform
the user of a gopher client of the commands that are about to
be executed. It is therefore possible to leave commands on a
gopher server for unsuspecting users to execute.
ADVICE:
1. Display technical information about a link before
connecting to other hosts using gopher.
2. Consider disabling guest gopher logins in the interim.
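A check a client could apply to a link's technical information before connecting, as an added example (not part of the original advisory and not UMN gopher code): it rejects any .Links entry whose Host or Port field is not a plain hostname or port number. The function names are hypothetical, and it assumes these two fields are what the client hands to telnet.

```c
/* Added example; function names are hypothetical, not UMN gopher code. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hostname or dotted quad only; a leading '-' would be read by telnet as an option. */
int host_is_safe(const char *h) {
    size_t n = strlen(h);
    if (n == 0 || n > 255 || h[0] == '-' || h[0] == '.') return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '.' && h[i] != '-') return 0;
    return 1;
}

/* Empty Port= means the default port; otherwise decimal 1..65535. */
int port_is_safe(const char *p) {
    size_t n = strlen(p);
    if (n > 5 || strspn(p, "0123456789") != n) return 0;
    return n == 0 || (atol(p) >= 1 && atol(p) <= 65535);
}

/* Copy the value of "key=" from a newline-separated entry; -1 if absent or too long. */
static int get_field(const char *e, const char *key, char *out, size_t cap) {
    size_t k = strlen(key);
    while (*e) {
        size_t len = strcspn(e, "\n");          /* length of the current line */
        if (len > k && !strncmp(e, key, k) && e[k] == '=') {
            if (len - k - 1 >= cap) return -1;
            memcpy(out, e + k + 1, len - k - 1);
            out[len - k - 1] = '\0';
            return 0;
        }
        e += len + (e[len] == '\n');            /* step past the newline, if any */
    }
    return -1;
}

/* 1 only if Host and Port are both present and both pass validation. */
int link_is_safe(const char *entry) {
    char host[257], port[8];
    if (get_field(entry, "Host", host, sizeof host) ||
        get_field(entry, "Port", port, sizeof port)) return 0;
    return host_is_safe(host) && port_is_safe(port);
}

int main(void) { /* constructed sample: the Host/Port fields of the advisory's entry */
    puts(link_is_safe("Type=8\nHost=;/bin/sh\nPort=\nPath=\n") ? "accept" : "reject");
    return 0;
}
```

A client would run this check before connecting and pass the host to telnet as its own argument rather than inside a shell command line.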
FEEDBACK AND CONTACT INFORMATION:
8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)
8lgm-request@bagpuss.demon.co.uk (Request for [8lgm] Advisories)
8lgm@bagpuss.demon.co.uk (General enquiries)
System Administrators are encouraged to contact us for any
other information they may require about the problems described
in this advisory.
We welcome reports about which platforms this flaw does or does
not exist on.
===========================================================================