All the vulnerabilites related to gnu - fileutils
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en ls en los paquetes fileutils o coreutils puede permitir a usuarios locales causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario mediante un valor -w, lo que podr\u00eda ser explotado remotamente mediante aplicaciones que usan ls, como wu-ftpd."
}
],
"id": "CVE-2003-0853",
"lastModified": "2024-11-20T23:45:40.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a \"..\" directory that is higher than expected, possibly up to the root file system."
}
],
"id": "CVE-2002-0435",
"lastModified": "2024-11-20T23:39:05.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8432.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-015.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/260936"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8432.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/260936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4266"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd."
}
],
"id": "CVE-2003-0854",
"lastModified": "2024-11-20T23:45:40.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2003-0854
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0854",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0435
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-016.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2003-015.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/4266 | vdb-entry, x_refsource_BID | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.securityfocus.com/archive/1/260936 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8432.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-016.html"
},
{
"name": "MDKSA-2002:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html"
},
{
"name": "RHSA-2003:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-015.html"
},
{
"name": "4266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4266"
},
{
"name": "CSSA-2002-018.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt"
},
{
"name": "20020310 GNU fileutils - recursive directory removal race condition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/260936"
},
{
"name": "gnu-fileutils-race-condition(8432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8432.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a \"..\" directory that is higher than expected, possibly up to the root file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-016.html"
},
{
"name": "MDKSA-2002:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html"
},
{
"name": "RHSA-2003:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-015.html"
},
{
"name": "4266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4266"
},
{
"name": "CSSA-2002-018.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt"
},
{
"name": "20020310 GNU fileutils - recursive directory removal race condition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/260936"
},
{
"name": "gnu-fileutils-race-condition(8432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8432.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a \"..\" directory that is higher than expected, possibly up to the root file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:016",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-016.html"
},
{
"name": "MDKSA-2002:031",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php"
},
{
"name": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html",
"refsource": "CONFIRM",
"url": "http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html"
},
{
"name": "RHSA-2003:015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-015.html"
},
{
"name": "4266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4266"
},
{
"name": "CSSA-2002-018.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt"
},
{
"name": "20020310 GNU fileutils - recursive directory removal race condition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/260936"
},
{
"name": "gnu-fileutils-race-condition(8432)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8432.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0435",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0853
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-10-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0853",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}