Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps N-Z :: bt462.txt

PerlEdit





------------------------------------------------------------------
          - EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
                               -= PerlEdit =-


exploitlabs.com
June 21, 2003


Vunerability:
-------------
Remote Buffer Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html
All versions to current ( 1.07 )

Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html  



VUNERABILITY / EXPLOIT
======================

 Upon execution perledit binds to local TCP port 1956.
By connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of unsaved data.

------------- 'sploit -------------------------

telnet host-running-perledit 1956

READY

( exit telnet ) remote perledit crashes.


 Further investigation may lead to more serious issues, I did not
persue as this was bad enough.


Local:
------
yes


Remote:
-------
yes


Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
support@indigostar.com - Concurrent with this advisory


Credits:
--------
Donnie Werner
http://exploitlabs.com
http://nothackers.org - Freedom of Voice - Freedom of Choice


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH