Microsoft Security Bulletin MS02-027 - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Update)

[Newsbot]

Dieser Patch wurde vor 2 Tagen released. Da es aber zu Problemen gekommen ist, wurde dieses Update erneut aktualisiert. Es wird jedem geraten den Patch erneut zu installieren um Probleme zu vermeiden.

Microsoft released the original version of this bulletin. In it, we detailed a work-around procedure that customers could implement to protect themselves against a publicly disclosed vulnerability. An updated version of this bulletin was rereleased on June 14, 2002 to announce the availability of patches for Proxy Server 2.0 and ISA Server 2000 and to advise customers that the work-around procedure is no longer needed on those platforms. Patches for IE are forthcoming and this bulletin will be re-released to announce their availability.

The Gopher protocol is a legacy protocol that provides for the transfer of text-based information across the Internet. Information on Gopher servers is hierarchically presented using a menu system, and multiple Gopher servers can be linked together to form a collective "Gopherspace".

There is an unchecked buffer in a piece of code which handles the response from Gopher servers. This code is used independently in IE, ISA, and Proxy Server. A security vulnerability results because it is possible for an attacker to attempt to exploit this flaw by mounting a buffer overrun attack through a specially crafted server response. The attacker could seek to exploit the vulnerability by crafting a web page that contacted a server under the attacker's control. The attacker could then either post this page on a web site or send it as an HTML email. When the page was displayed and the server's response received and processed, the attack would be carried out.

A successful attack requires that the attacker be able to send information to the intended target. Anything which inhibited connectivity could protect against attempts to exploit this vulnerability. In the case of IE, the code would be run in the user's context. As a result, any limitations on the user would apply to the attacker's code as well.

Download