SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Join our Affiliate Program
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  PerlEdit Vendors:  IndigoSTAR
PerlEdit Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1007032
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 23 2003
Impact:  Denial of service via network
Exploit Included:  Yes  
Advisory:  exploitlabs.com
Version(s): 1.07
Description:  A denial of service vulnerability was reported in PerlEdit. A remote user can cause the application to crash.

exploitlabs.com reported that a remote user can connect to the application on TCP port 1956 to cause PerlEdit to crash.
Impact:  A remote user can cause the application to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.indigostar.com/perledit.html (Links to External Site)
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "morning_wood" <se_cur_ity@hotmail.com>
Message History:   None.

 Source Message Contents
Date:  Sat, 21 Jun 2003 01:47:20 -0700
From:  "morning_wood" <se_cur_ity@hotmail.com>
Subject:  [0day] PerlEdit

 

-= 0day - Freedom of Voice - Freedom of Choice =-

------------------------------------------------------------------
          - EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
                               -= PerlEdit =-


exploitlabs.com
June 21, 2003


Vunerability:
-------------
Remote Buffer Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html
All versions to current ( 1.07 )

Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html  



VUNERABILITY / EXPLOIT
======================

 Upon execution perledit binds to local TCP port 1956.
By connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of unsaved data.

------------- 'sploit -------------------------

telnet host-running-perledit 1956

READY

( exit telnet ) remote perledit crashes.


 Further investigation may lead to more serious issues, I did not
persue as this was bad enough.


Local:
------
yes


Remote:
-------
yes


Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
support@indigostar.com - Concurrent with this advisory


Credits:
--------
Donnie Werner
http://exploitlabs.com
http://nothackers.org - Freedom of Voice - Freedom of Choice

_______________________________________________
0day mailing list
0day@nothackers.org
http://nothackers.org/mailman/listinfo/0day


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC