IE all version Gopher security warning issued.
Results 1 to 3 of 3

Thread: IE all version Gopher security warning issued.

  1. June 13th, 2002, 12:04 PM #1
    Archer
    Archer is offline
    Registered User Archer's Avatar
    Join Date
    Mar 2000
    Location
    Blighty
    Posts
    4,224

    Exclamation IE all version Gopher security warning issued.

    Another IE warning issued by MS in regard to versions 5.01,5.5 and 6.

    Quote curtesy PC PRO:

    With the information out there for attackers to exploit a security flaw in Microsoft IE (versions 5.01, 5.5 and 6.0), Proxy Server 2.0 and ISA Server 2000, Microsoft has hurriedly issued a workaround to batten down the hatches while it works on a patch.

    The hatch in question is TCP port 70, which allows Gopher protocol traffic access. The Gopher is an Internet utility that transmits information across the Web through text, but is currently almost obselete. However, an unchecked buffer in a piece of code that handles response from Gopher servers could be exploited with a buffer overrun attack.

    By building a Web page that contacted the attacker's server, the vulnerability could be exploited when a target displayed the page, giving the attacker user privileges with IE victims, and potentially complete control over ISA and Proxy Servers, including formatting drives and adding administrator accounts.

    For full step by step instructions on the workaround for all the vulnerable products, head over to the Microsoft TechNet Web site and click open the Frequently Asked Questions tree. The instructions are at the bottom of that section.

    We'll keep you informed when a patch is available.

    Those instructions to shore up IE are reasonably straightforward and are listed below.

    Right Click on Internet Explorer(IE) Icon on the Desktop or while IE is open, Click on "Tools" and select "Internet Options"
    Click on the "Connections" Tab
    Click on the "LAN Settings..." button
    Uncheck "automatically detect settings"
    If "automatic configuration script" is set, check with your administrator if gopher server is called out.
    Check the "Use proxy server for your LAN..." Checkbox
    Click on the "Advanced..." button
    Ensure "use the same proxy server for all protocols" is unchecked.
    In the "Proxy addresses to use" textbox next to the word Gopher, Type "LocalHost"
    In the "Port" textbox next to the Gopher protocol, Type "1"
    Click 'OK' until the Internet Options Menu disappears.
    Reply With Quote Reply With Quote
  2. June 13th, 2002, 12:18 PM #2
    MacGyver
    MacGyver is offline
    Registered User MacGyver's Avatar
    Join Date
    Oct 2000
    Location
    Ottawa
    Posts
    4,232

    Post

    LMAO, I thought gopher was long since forgotten. The question is, do any hackers today know how to use it?
    Reply With Quote Reply With Quote
  3. June 13th, 2002, 12:56 PM #3
    Archer
    Archer is offline
    Registered User Archer's Avatar
    Join Date
    Mar 2000
    Location
    Blighty
    Posts
    4,224

    Post

    Seems at least someone knows how to exploit it,shows how old technology can sometimes come back and bite you in the butt and here was I thinking it was a small furry rodent.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules