UMN Gopherd Unauthorized FTP Proxy

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote host is running a Gopher server that is configured as a

Description :

The remote host is running a UMN Gopher server.

It is possible to make the remote server connect to third
party FTP sites by sending the request

An attacker may exploit this flaw to connect to use the remote
gopher daemon as a proxy to connect to FTP servers without disclosing
their IP address.

An attacker could also exploit this flaw to 'ping' the hosts
of your network.

Solution :

Disable FTP support in the remote gopher server

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 16194 (gopher_proxy.nasl)

Bugtraq ID: 6782