Security flaw Gopher in IE

Discussion in 'other security issues & news' started by FanJ, Jun 5, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Security flaw Gopher in IE:

    https://grc.com/x/news.exe?cmd=article&group=grc.security.software&item=62643&utag=

    Quoted from http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020605/ap_wo_en_bu/us_microsoft_security_flaw_1

    Read more:
    http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020605/ap_wo_en_bu/us_microsoft_security_flaw_1


    Discussed at the DSLR-security-forum:
    http://www.dslreports.com/forum/remark,3473369~root=security,1~mode=flat
     
  2. FanJ

    FanJ Guest

    The site where it was original mentioned:

    http://www.solutions.fi/index.cgi/news_2002_06_05?lang=fi

    See also:

    http://www.nullium.com/modules.php?...le=article&sid=53&mode=thread&order=0&thold=0

    Quoted from that last site:

     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    IE has a proxy setting for Gopher.  Wouldn't using this be a simple workaround?   o_O
     
  4. FanJ

    FanJ Guest

    Hi Checkout,

    Yes, that was written in that part that I quoted.
    Again:

    -begin quote-

    An easy way to disable processing and displaying gopher pages is to define a non-functional gopher proxy in Internet Options. Select Tools -> Internet options -> Connections. Click on "LAN settings". Check "Use a proxy server for your LAN". Click on "Advanced...". Here you can define proxy servers to be used with different protocols. Go to the Gopher text field and enter "localhost", and "1" in the port text field. This will stop Internet Explorer from fetching any gopher documents.  

    -end quote-

    I tried that yesterday, but somehow it didn't work for me, I still got that text-page. I don't know why, and whether I did something wrong....
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    FanJ, are you suggesting I actually read what you've written?   :D

    Duh!  I must try harder!
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    On mine (WinMe, that is), just putting "<local>" in the HTTP column results in the greying out of all the other fields - of course, it really doesn't matter here since I'm not ON a LAN. Pete
     
  7. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Thanks, FanJ! I just finished applying your solution (I do work from a LAN). When I tried the test link I got a "This Page Cannot Be Displayed" message. Seems appropriate. Also,
    It probably did not work because you didn't turn off Internet Explorer and then put it back on so it recognizes the changes you made. I did this, then came back here and used the link. Did I do it right? I will pass this along to my PC Club. :D
     
  8. Bouch

    Bouch Registered Member

    Joined:
    Apr 14, 2002
    Posts:
    26
    Location:
    Toronto Canada
    This may be too simplistic. You tell me. Why can't a guy just write a firewall rule for IE denying any outbound TCP to port 70? (at least until M$ comes out with a patch)

    Ok, after doing a little more reading, I'll answer my own question:
    Oh well, it seemed reasonable at the time. I'll leave the post just in case it seems reasonable to somebody else.
     
  9. FanJ

    FanJ Guest

  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
  11. snowman

    snowman Guest

    ****Gopher Smoker v0.6
    OS: Win95, 98, 2000, XP
    Program Info: gopher.info
    Size: 257k


    I notice that winME is not mentioned. WinME does has file protection so I am un-certain if this would be a problem with the "fix" or not...my guess is that it would not....but some of the more knowledgable here would better be the judge.

    snowman
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    snowman,

    the app is ME compatible. As stated: didn't test it though.

    regards.

    paul
     
  13. snowman

    snowman Guest

    Paul.......thanking ya.......may give it a test drive later..not now...during the business week

    snowman

    P.S

    ot: Paul there is a 66' corvette...327...that is up for sale in my area...guy asking $28K.....I just had to "inquire" and take it for a spin.....oooooooooooooh man!!! of course the price is out of my reach....
     
  14. Hey all,
    Thanks for supporting the PivX fix- I really appreciate it. I was alerted to this site after I saw a surge of hits from it. - thought I would drop in.

    We just did a press release that you might be aware of, and another this am. http://www.pressreleasenetwork.com/pr-2002/june/mainpr1298.htm

    WARNING: Dont use the microsoft work around, go to our site and and see why. LOL- classic microsoft- they release a fix that breaks their own software! http://www.pivx.com/gsmoker.html (see bottom of page how-to test condition)


    Thank You,

    Geoff Shively, CTO
    PivX Solutions, LLC

    Contact & Info:
    http://www.PivX.com
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Geoff - welcome to the forum and thanks for the fix.

    Applied it yesterday as soon as I read about it here and haven't noticed any adverse effects from it (running WinME here - if there had been adverse effects, it probably would have been hard to tell! <g> ) . Pete
     
  16. snowy

    snowy Guest

    Geoff

    thank you for supplieing the "fix"..much appreciated...I find a couple of your other products very interesting.



    Spy 1

    Pete thanks for posting that you installed the fix without problems.....during the business week I need to be careful with installs for work related reasons.
    snowy(snowman)
     
  17. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Thanks Pete,

    I also applied the patch on WinMe - no problems here :D

    WMP plays now again :D
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Single-click security is one of my favorite things! :) Pete
     
  19. FanJ

    FanJ Guest

    Somehow the fix from PivX doesn't work for me.
    Using PivXGopher-Smoker v0.6

    I install that fix, it says it is installed.

    I go from this thread to:
    http://www.nullium.com/modules.php?op=modload&name=News&file=article&sid=53&mode=thread&order=0&thold=0

    I do the test at that site.
    Then I still get that page shown that tells you:

    If you see this document, then you are using gopher. If this appears in your Internet Explorer, then you're likely to be vulnerable to the gopher buffer overflow bug. etc.

    I then go again to my PivXGopher-Smoker v0.6, check there and what do I see:
    patch NOT installed

    Windows 98SE, Dutch; IE5.5
    Am I doing something wrong?
     
  20. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi Jan,

    I applied the "fix/patch" to WinMe and Win98 and no problems at all. Having IE 5.5 SP2.

    Just a thought, I saw you have IE 5.5 wouldn't it be better to update to IE 5.5 SP2 ?? Maybe this could be the reason?? Could give it a try ;)
     
  21. FanJ

    FanJ Guest

    Hi Marianna,

    Yes, I have SP2; I should have mentioned that, sorry.

    IE 5.50.4807.2300
    SP2;
    Q316059
    Q319182
    q313829
    Q321232
     
  22. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
  23. FanJ

    FanJ Guest

    Thanks very much Marianna !!! :)

    I'm going to have a look there !
    Did it happen again that we with non-English versions of Windows don't get updates ? Grrr
    Or maybe it was my own fault....

    PS: I repaired the links in your posting to make them more easy clickable.
     
  24. FanJ

    FanJ Guest

    I have this:

    IE 5.50.4807.2300
    SP2;
    Q316059
    Q319182
    q313829
    Q321232

    Marianna has also these:

    Q 312461 -
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q312461

    Q 313675 -
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q313675



    Q312461
    MS01-055
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-051.asp
    MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer (Q316059)
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316059

    From that last site quoted:

    My conclusion:
    Since I have Q321232, I also have Q312461 and Q313675


    Am I right with my conclusion?
     
  25. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi Jan,

    you did a heck of a job :D

    Yes, you are right with your conclusion!

    Now back to "your" problem......did you "undo" the workaround?? I did before I applied the "fix". I don't know whether it makes a difference or not, I'm on cable.

    Well, I'll keep an eye on it - I didn't hear yet any problems on our forum!

    Thanks for "healing" my links - what did I do wrong?? I copied\pasted the links.
     
Loading...
Thread Status:
Not open for further replies.