
This advisory has been sent to:

	comp.security.unix
	INFOHAX			<infohax-emergency@stormking.com>
	BUGTRAQ			<chasin@crimelab.com>
	CERT/CC			<cert@cert.org>
	Gopher Maintainers	<gopher@gopher.tc.umn.edu>

===========================================================================
		[8lgm]-Advisory-4.UNIX.gopher.12-Feb-1992

PROGRAM:

	gopher(1)	(/usr/local/bin/gopher)
			UMN gopher client

VULNERABLE OS's:

	All versions are believed to have this vulnerability.

DESCRIPTION:

	Shell access can be gained from gopher(1), even when running
	in secure mode.  

IMPACT:

	gopher guest accounts are not secure.

REPEAT BY:

        This example demonstrates how to use gopher running in secure
	mode to gain access to sh.  Please do not do this unless you
	have permission.

	Create or modify a .Links file on any public gopher server,
	for example:

Type=8
Name=I'll give you a shell
Host=;/bin/sh
Port=
Path=

	Log into the gopher account, and access the server and
	directory containing the modified .Links file.  Select the
	"I'll give you a shell" item, and after quiting telnet the
	user has access to sh.

	It is also possible to create an entry that would not inform
	the user of a gopher client of the commands that are about to
	be executed.  It is therefore possible to leave commands on a 
	gopher server for unsuspecting users to execute.

ADVICE:

	1. Display techinical information about a link before 
	   connecting to other hosts using gopher.

	2. Consider disabling guest gopher logins in the interim.


FEEDBACK AND CONTACT INFORMATION:

	8lgm-bugs@bagpuss.demon.co.uk           (To report security flaws)

	8lgm-request@bagpuss.demon.co.uk        (Request for [8lgm] Advisories)

	8lgm@bagpuss.demon.co.uk                (General enquiries)


	System Administrators are encouraged to contact us for any
	other information they may require about the problems described
	in this advisory.

	We welcome reports about which platforms this flaw does or does
	not exist on.

===========================================================================


