What is CVE-1999-0124?

CVE-1999-0124 is a publicly disclosed cybersecurity vulnerability with a HIGH severity rating and CVSS score of 10.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-1999-0124

HIGH10.0/ 10.0

Published: August 9, 1993 at 04:00 AM

Modified: April 3, 2025 at 01:03 AM

Source: cve@mitre.org

Vulnerability Description

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

CVSS Metrics

Base Score

10.0

Severity

HIGH

Vector String

AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

NVD-CWE-Other

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Gopher servers running vulnerable versions are susceptible to a critical vulnerability, allowing attackers to read arbitrary files accessible to the gopher daemon. This can lead to sensitive data disclosure, including configuration files, user credentials, and potentially even system files, compromising the entire system's integrity.

02 // Vulnerability Mechanism

Step 1: Target Identification: Identify a gopher server running a vulnerable version (1.12 or 2.0x).

Step 2: Craft Malicious Request: Construct a gopher request that includes a path traversal sequence (e.g., ../../../etc/passwd).

Step 3: Request Submission: Send the crafted request to the gopher server.

Step 4: Server Processing: The gopher server, lacking proper input validation, processes the malicious path.

Step 5: File Retrieval: The server attempts to retrieve the file specified by the crafted path (e.g., /etc/passwd).

Step 6: Data Disclosure: The server returns the contents of the requested file to the attacker, leading to information disclosure.

03 // Deep Technical Analysis

The vulnerability stems from insufficient input validation and access control within the UMN gopher and gopher+ server implementations. Specifically, the gopher server fails to properly sanitize user-supplied input used to construct file paths. This allows an attacker to craft malicious requests that specify paths outside the intended document root, enabling them to read any file the gopher daemon has permissions to access. The root cause is a lack of proper path traversal protection, leading to unauthorized file access. The vulnerability is exacerbated by the gopher daemon's typically elevated privileges, granting attackers access to a wide range of system resources.