Perlpodder Arbitrary Shell Command Execution Vulnerability
BID: 18067
CVE: CVE-2006-2550
| Bugtraq ID: | 18067 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2550 |
| Remote: | Yes |
| Local: | No |
| Published: | May 22 2006 12:00AM |
| Updated: | May 23 2006 09:08PM |
| Credit: | RedTeam Pentesting is credited with the discovery of this vulnerability. |
| Vulnerable: | Perlpodder Perlpodder 0.4 |
| Not Vulnerable: | Perlpodder Perlpodder 0.5 |
Discussion
Perlpodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary shell commands on the vulnerable computer in the context of the running application.
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
The vendor has released version 0.5 to address this issue.
Perlpodder Perlpodder 0.4
- Perlpodder perlpodder-0.5.tar.gz
  http://prdownloads.sourceforge.net/perlpodder/perlpodder-0.5.tar.gz?download
References
References:
- Advisory: Perlpodder Remote Arbitrary Command Execution (RedTeam)
- Perlpodder Homepage (Perlpodder)
- Perlpodder Remote Arbitrary Command Execution (RedTeam Pentesting)