Right, I did not know exactly how to classify it; maybe there is a buffer for the connection and it's not flushing on disconnect?? It does bind to 0.0.0.0:1956. I assume, looking at the file, it is for the traceback function in the registered version. Nevertheless an interesting scenario for a DoS; this type of thing targeted at a user is quite interesting.

morning_wood

----- Original Message -----
From: "petard" <[EMAIL PROTECTED]>
To: "morning_wood" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, June 22, 2003 2:11 PM
Subject: Re: [Full-Disclosure] Indigostar - Perledit

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, Jun 22, 2003 at 03:12:31AM -0700, morning_wood wrote:
> > Vulnerability:
> > -------------
> > Remote Overflow
>
> What evidence did you see that this is an overflow? While I wouldn't discount
> the possibility of an overflow being present somewhere here, the crash alone
> doesn't necessarily imply an overflow. In fact, I'd say that this most likely
> isn't unless there is some specific evidence to the contrary.
>
> At any rate, this does certainly open the possibility of an irritating denial
> of service attack against perledit users. It should almost certainly only
> listen on 127.0.0.1:1956 instead of 0.0.0.0:1956. Does anyone know why this
> editor accepts remote connections in the first place?
>
> Regards,
> petard
>
> - --
> "There are 10 kinds of people in this world: those who understand binary,
> and those who don't." --unknown
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (NetBSD)
>
> iD8DBQE+9htjgkiZ59A0kiQRAu+XAJ908VfLIqeRYFRwKh9H0+APQJcD/QCbBnD7
> hg2vhT8CQ/wLpC8kntV1WKI=
> =FUYA
> -----END PGP SIGNATURE-----
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
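
An added example, not part of the original thread: a check a user or administrator could run to see whether a listener such as the one on port 1956 is bound to a wildcard address (0.0.0.0 or ::) rather than loopback. It goes beyond the single case in the thread by handling both Windows-style and Linux-style `netstat -an` output; the sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows and Linux styles mixed);
# not captured from a real host.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:1956           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:80            ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::1956                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""


def split_endpoint(endpoint):
    """Split 'addr:port' into (ip_address, port); accepts '[::]:80', ':::80', '*:80'."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    if host in ("*", ""):
        host = "0.0.0.0"  # netstat shorthand for "all interfaces"
    return ipaddress.ip_address(host), int(port)


def exposed_listeners(netstat_text, ports=None):
    """Return sorted (port, address) pairs for TCP listeners not bound to loopback."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue
        # Windows rows: proto local foreign state
        # Linux rows:   proto recv-q send-q local foreign state
        local = fields[1] if len(fields) == 4 else fields[3]
        try:
            addr, port = split_endpoint(local)
        except ValueError:
            continue  # unparseable row, skip rather than guess
        if addr.is_loopback:
            continue  # reachable only from the local machine
        if ports is None or port in ports:
            findings.add((port, str(addr)))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr in exposed_listeners(SAMPLE_NETSTAT, ports={1956}):
        print(f"port {port} is listening on {addr} (reachable from the network)")
```
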
