COMMAND

    gopher(1)

SYSTEMS AFFECTED

    All systems running the UMN gopher client.
    All versions are believed to have this vulnerability.

PROBLEM

    Shell access can be gained from gopher(1), even when running in
    secure mode. Therefore gopher guest accounts are not secure. This
    example demonstrates how to use gopher running in secure mode to
    gain access to sh. Create or modify a .Links file on any public
    gopher server, for example:

        Type=8
        Name=I'll give you a shell
        Host=;/bin/sh
        Port=
        Path=

    Log in to the gopher account, and access the server and directory
    containing the modified .Links file. Select the "I'll give you a
    shell" item, and after quitting telnet the user has access to
    sh. It is also possible to create an entry that would not inform
    the user of a gopher client of the commands that are about to be
    executed. It is therefore possible to leave commands on a gopher
    server for unsuspecting users to execute.
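
    Added example, not part of the original advisory or of the gopher
    distribution: a Python check that a server operator could run over
    .Links files to flag entries like the one above, where Host or Port
    holds anything other than a plain hostname or port number. The "#"
    or blank-line entry separator, the "+" shorthand and the second
    sample entry are assumptions.

```python
import re

# Constructed sample: the advisory's entry followed by a benign telnet link.
SAMPLE_LINKS = """\
Type=8
Name=I'll give you a shell
Host=;/bin/sh
Port=
Path=
#
Type=8
Name=Library catalogue
Host=library.example.org
Port=23
"""

# One DNS label is letters, digits and hyphens only, so a value that
# matches HOST_RE cannot carry ';', '|', '&', '`', '$' or whitespace.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
PORT_RE = re.compile(r"[0-9]{1,5}")

def parse_links(text):
    """Split .Links text into dicts; '#' or blank lines separate entries (assumed)."""
    entries = [{}]
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if line.startswith("#") or not line.strip():
            entries.append({})
        elif sep:
            entries[-1][key.strip()] = value
    return [e for e in entries if e]

def audit(text):
    """Return (name, field, value) for each Host/Port that is not a plain host or port."""
    findings = []
    for e in parse_links(text):
        host, port = e.get("Host", "+"), e.get("Port", "")
        # Assumption: "+" stands for "this server" / "this port" in .Links files.
        if host != "+" and not HOST_RE.fullmatch(host):
            findings.append((e.get("Name", ""), "Host", host))
        if port not in ("", "+") and not PORT_RE.fullmatch(port):
            findings.append((e.get("Name", ""), "Port", port))
    return findings

if __name__ == "__main__":
    for name, field, value in audit(SAMPLE_LINKS):
        print(f"suspicious {field}={value!r} in item {name!r}")
```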