UMN Gopherd Unauthorized FTP Proxy
Medium Nessus Plugin ID 16194
SynopsisThe remote host is running a Gopher server that is configured as a proxy.
DescriptionThe remote host is running a UMN Gopher server.
It is possible to make the remote server connect to third party FTP sites by sending the request 'ftp://hostname.of.the.ftp.server'.
An attacker may exploit this flaw to connect to use the remote gopher daemon as a proxy to connect to FTP servers without disclosing their IP address.
An attacker could also exploit this flaw to 'ping' the hosts of your network.
SolutionDisable FTP support in the remote gopher server