| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE29b1ZGI8tvG0004d19e@hotmail.com>
Date: Sat, 21 Jun 2003 01:47:20 -0700
From: "morning_wood" <se_cur_ity@...mail.com>
To: "0day" <0day@...hackers.org>, <support@...igostar.com>
Subject: PerlEdit
------------------------------------------------------------------
- EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
-= PerlEdit =-
exploitlabs.com
June 21, 2003
Vunerability:
-------------
Remote Buffer Overflow
Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html
All versions to current ( 1.07 )
Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."
screenshot: http://www.indigostar.com/perledit_screenshots.html
VUNERABILITY / EXPLOIT
======================
Upon execution perledit binds to local TCP port 1956.
By connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of unsaved data.
------------- 'sploit -------------------------
telnet host-running-perledit 1956
READY
( exit telnet ) remote perledit crashes.
Further investigation may lead to more serious issues, I did not
persue as this was bad enough.
Local:
------
yes
Remote:
-------
yes
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
support@...igostar.com - Concurrent with this advisory
Credits:
--------
Donnie Werner
http://exploitlabs.com
http://nothackers.org - Freedom of Voice - Freedom of Choice
Powered by blists - more mailing lists