Perlbot remote shell command execution
| perlbot-shell-command-execution (10401) |  Medium Risk |
Description:
Perlbot could allow a remote attacker to execute shell commands, caused by improper filtering of user-supplied input. A remote attacker could pass arbitrary shell commands to the script, which would be executed on the system with the same privileges as the Perlbot script.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Fri Oct 18 2002 - 06:42:17 CDT : SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution.
- SourceForge.net: Project: Perlbot: Summary.
- BID-5998: Perlbot Remote Command Execution Vulnerability
- BID-5999: Perlbot Email Sending Remote Command Execution Vulnerability
- BID-6: SunOS SMI Sendmail Vulnerability
- BID-60: QuakeWorld Connect Buffer Overflow Vulnerability
- BID-600: Microsoft IE Virtual Machine Sandbox Vulnerability
- CVE-2002-1842: Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
Platforms Affected:
- Perlbot Project Perlbot 1.0 beta
Reported:
Oct 18, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net