Fiche créée le 2005-05-17 05:27:04, dernière mise à jour le 2008-03-02 23:51:53
A local overflow exists in ActivePerl for Win32. The interpreter fails to do proper bounds checking on input to the system()function resulting in a buffer overflow. With a specially crafted request, an attacker can cause an interpreter crash resulting in a loss of availability. It may be possible to manipulate the input so as to cause execution of arbitrary code resulting in a loss of confidentiality.
|
| |
| ActiveState 5.6.3 Affected |
| ActiveState 5.6.2 Affected |
| ActiveState 5.6.1 Affected |
| ActiveState 5.7.1 Affected |
| ActiveState 5.7.2 Affected |
| ActiveState 5.7.3 Affected |
| ActiveState 5.8.0 Affected |
| ActiveState 5.8.1 Affected |
| ActiveState 5.8.2 Affected |
| ActiveState 5.8.3 Affected |
| ActiveState 5.8.4 Affected |
| |
Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. |
Découvert le 2004-05-18 05:27:06
|
Attack Type : Denial of Service
saturation flood, crash, lock up, forced reboot. |
| |
| Disclosure : OSVDB Verified |
Confirmé le 2004-05-18 05:27:06
|
| Exploit : Exploit Public |
Exploit découvert le 2004-05-17 07:00:00
|
Impact : Loss of Availability
Assurance of timely and reliable access to data.
Examples: any DoS attack of any kind, unauthorized file deletion, etc. anything that can cause the availability of a service or information to be impacted. |
| |
Location : Local Access Required
Requires a local account, shell access, etc. Any vulnerability that doesn't require network layer to exploit. |
| |
| |
| External refs : |
| OSVDB 16903 |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
