UMN Gopherd Unauthorized FTP Proxy

Medium Nessus Plugin ID 16194


The remote host is running a Gopher server that is configured as a proxy.


The remote host is running a UMN Gopher server.

It is possible to make the remote server connect to third party FTP sites by sending the request 'ftp://hostname.of.the.ftp.server'.

An attacker may exploit this flaw to connect to use the remote gopher daemon as a proxy to connect to FTP servers without disclosing their IP address.

An attacker could also exploit this flaw to 'ping' the hosts of your network.


Disable FTP support in the remote gopher server

Plugin Details

Severity: Medium

ID: 16194

File Name: gopher_proxy.nasl

Version: $Revision: 1.7 $

Type: remote

Family: Firewalls

Published: 2005/01/18

Modified: 2011/03/11

Dependencies: 11153

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 6782

OSVDB: 55534