Mel
0
Sorry about the bad pun
Microsoft security bulletin
Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
Date: 11 June 2002
Software: Internet Explorer, Proxy Server, Internet Security and
Acceleration Server
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-027
No official patch is available yet.
Microsoft suggest setting your firewall to block TCP port 70 while they sort it.
(Gopher is a legacy protocol)
or this -
******************
Right Click on Internet Explorer(IE) Icon on the
Desktop or while IE is open, Click on "Tools" and select "Internet Options"
Click on the "Connections" Tab
Click on the "LAN Settings..." button
Uncheck “automatically detect settings”
If "automatic configuration script" is set, check with your administrator if gopher server is called out.
Check the "Use proxy server for your LAN..." Checkbox
Click on the "Advanced..." button
Ensure “use the same proxy server for all protocols” is unchecked.
In the "Proxy addresses to use" textbox next to the word Gopher, Type "LocalHost"
In the "Port" textbox next to the Gopher protocol, Type "1"
Click 'OK' until the Internet Options Menu disappears.
Dialup users can find the proxy settings by selecting a dialup connection under "Dialup settings" and clicking "Settings...".
<a href="http://gopher://www.solutions.fi:7000/0" target="_blank">Click this to test</a>
***************
For full details see-
<a href="http://www.microsoft.com/technet/security/bulletin/MS02-027.asp" target="_blank">http://www.microsoft.com/technet/security/bulletin/MS02-027.asp</a>
A clearer explaination is available here
<a href="http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en" target="_blank">http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en</a>
& there is also a third party patch available if you follow the unpatched link in this thread (I haven't tried it)
<a href="http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010" target="_blank">http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010</a>
<small>[ 12-06-2002, 09:54 PM: Message edited by: Mel ]</small>
Microsoft security bulletin
Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
Date: 11 June 2002
Software: Internet Explorer, Proxy Server, Internet Security and
Acceleration Server
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-027
No official patch is available yet.
Microsoft suggest setting your firewall to block TCP port 70 while they sort it.
(Gopher is a legacy protocol)
or this -
******************
Right Click on Internet Explorer(IE) Icon on the
Desktop or while IE is open, Click on "Tools" and select "Internet Options"
Click on the "Connections" Tab
Click on the "LAN Settings..." button
Uncheck “automatically detect settings”
If "automatic configuration script" is set, check with your administrator if gopher server is called out.
Check the "Use proxy server for your LAN..." Checkbox
Click on the "Advanced..." button
Ensure “use the same proxy server for all protocols” is unchecked.
In the "Proxy addresses to use" textbox next to the word Gopher, Type "LocalHost"
In the "Port" textbox next to the Gopher protocol, Type "1"
Click 'OK' until the Internet Options Menu disappears.
Dialup users can find the proxy settings by selecting a dialup connection under "Dialup settings" and clicking "Settings...".
<a href="http://gopher://www.solutions.fi:7000/0" target="_blank">Click this to test</a>
***************
For full details see-
<a href="http://www.microsoft.com/technet/security/bulletin/MS02-027.asp" target="_blank">http://www.microsoft.com/technet/security/bulletin/MS02-027.asp</a>
A clearer explaination is available here
<a href="http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en" target="_blank">http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en</a>
& there is also a third party patch available if you follow the unpatched link in this thread (I haven't tried it)
<a href="http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010" target="_blank">http://www.ispreview.co.uk/ubb2/ultimatebb.php?ubb=get_topic;f=216;t=000010</a>
<small>[ 12-06-2002, 09:54 PM: Message edited by: Mel ]</small>























