cvelistv5 - CVE-2003-0854

CVE-2003-0854

Vulnerability from cvelistv5

Published

2003-10-25 04:00

Modified

2024-08-08 02:05

Severity ?

Summary

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
cve@mitre.org	http://secunia.com/advisories/10126	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/17069	Vendor Advisory
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
cve@mitre.org	http://www.debian.org/security/2005/dsa-705
cve@mitre.org	http://www.guninski.com/binls.html
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-309.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-310.html
cve@mitre.org	http://www.securityfocus.com/advisories/6014
cve@mitre.org	http://www.turbolinux.com/security/TLSA-2003-60.txt
cve@mitre.org	https://www.exploit-db.com/exploits/115
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/10126	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17069	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-705
af854a3a-2127-422b-91ae-364da2661108	http://www.guninski.com/binls.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-309.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-310.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/advisories/6014
af854a3a-2127-422b-91ae-364da2661108	http://www.turbolinux.com/security/TLSA-2003-60.txt
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/115

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-705",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-705"
          },
          {
            "name": "CLA-2003:771",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
          },
          {
            "name": "115",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/115"
          },
          {
            "name": "CLA-2003:768",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
          },
          {
            "name": "20031022 Fun with /bin/ls, yet still ls better than windows",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
          },
          {
            "name": "RHSA-2003:309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
          },
          {
            "name": "TLSA-2003-60",
            "tags": [
              "vendor-advisory",
              "x_refsource_TURBO",
              "x_transferred"
            ],
            "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
          },
          {
            "name": "RHSA-2003:310",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
          },
          {
            "name": "IMNX-2003-7+-026-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_IMMUNIX",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/6014"
          },
          {
            "name": "17069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17069"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.guninski.com/binls.html"
          },
          {
            "name": "10126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10126"
          },
          {
            "name": "MDKSA-2003:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-705",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-705"
        },
        {
          "name": "CLA-2003:771",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
        },
        {
          "name": "115",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/115"
        },
        {
          "name": "CLA-2003:768",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
        },
        {
          "name": "20031022 Fun with /bin/ls, yet still ls better than windows",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
        },
        {
          "name": "RHSA-2003:309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
        },
        {
          "name": "TLSA-2003-60",
          "tags": [
            "vendor-advisory",
            "x_refsource_TURBO"
          ],
          "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
        },
        {
          "name": "RHSA-2003:310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
        },
        {
          "name": "IMNX-2003-7+-026-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_IMMUNIX"
          ],
          "url": "http://www.securityfocus.com/advisories/6014"
        },
        {
          "name": "17069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17069"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.guninski.com/binls.html"
        },
        {
          "name": "10126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10126"
        },
        {
          "name": "MDKSA-2003:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-705",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-705"
            },
            {
              "name": "CLA-2003:771",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
            },
            {
              "name": "115",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/115"
            },
            {
              "name": "CLA-2003:768",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
            },
            {
              "name": "20031022 Fun with /bin/ls, yet still ls better than windows",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
            },
            {
              "name": "RHSA-2003:309",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
            },
            {
              "name": "TLSA-2003-60",
              "refsource": "TURBO",
              "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
            },
            {
              "name": "RHSA-2003:310",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
            },
            {
              "name": "IMNX-2003-7+-026-01",
              "refsource": "IMMUNIX",
              "url": "http://www.securityfocus.com/advisories/6014"
            },
            {
              "name": "17069",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17069"
            },
            {
              "name": "http://www.guninski.com/binls.html",
              "refsource": "MISC",
              "url": "http://www.guninski.com/binls.html"
            },
            {
              "name": "10126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10126"
            },
            {
              "name": "MDKSA-2003:106",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0854",
    "datePublished": "2003-10-25T04:00:00",
    "dateReserved": "2003-10-10T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B1309D6-E5D0-41FB-B7E0-2667EE34C796\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2F6A8F0-396B-4484-9621-70FFC61BF4A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E2FE284-B564-48C7-9DA4-31A6D9AD3E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0049681-875E-4876-B2E4-519708F2BBBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28E5257A-F5ED-482C-9A0B-3B576513E7D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*\", \"matchCriteriaId\": \"833542E5-B4E7-4995-95C9-E012AE13902D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*\", \"matchCriteriaId\": \"C63ACBE3-5BB2-483E-A5FE-87698E98354A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B39D46C4-B153-4301-AE9C-57FB6BA64CD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55582DD-DEF7-4BF8-950C-E7E58BD29DE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF9B9132-19A1-4242-A129-E5A49F466EA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9E32F3-06CF-482D-8313-3D098CDE8B6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A096214-84AD-44F5-BBEF-F9F17B9B0C43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4989799F-143A-45E5-A30C-9E3203649770\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E3D0CC6-D1A0-4784-BE93-319C7EE59134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FA32489-F098-43D2-80B7-89CFE0BE9A3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91C6388E-464B-4562-BC7B-7B4A66387B30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"923B5711-853D-4A77-8FB3-D5C3D449518D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BB1B136-F90E-426B-8010-F2D059E89DBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"573486C8-0349-4BC9-AD7D-3FBF93DDB6AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"473E71DD-F779-4F93-838A-AD6768BB8DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7196CF2D-8CCC-454A-A2C1-6408A9D636C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.\"}, {\"lang\": \"es\", \"value\": \"ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd.\"}]",
      "id": "CVE-2003-0854",
      "lastModified": "2024-11-20T23:45:40.887",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-11-17T05:00:00.000",
      "references": "[{\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/10126\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17069\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-705\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.guninski.com/binls.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2003:106\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-309.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-310.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/advisories/6014\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.turbolinux.com/security/TLSA-2003-60.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/115\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/10126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-705\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.guninski.com/binls.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2003:106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-309.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-310.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/advisories/6014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.turbolinux.com/security/TLSA-2003-60.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0854\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-11-17T05:00:00.000\",\"lastModified\":\"2024-11-20T23:45:40.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.\"},{\"lang\":\"es\",\"value\":\"ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1309D6-E5D0-41FB-B7E0-2667EE34C796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2F6A8F0-396B-4484-9621-70FFC61BF4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E2FE284-B564-48C7-9DA4-31A6D9AD3E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0049681-875E-4876-B2E4-519708F2BBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E5257A-F5ED-482C-9A0B-3B576513E7D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*\",\"matchCriteriaId\":\"833542E5-B4E7-4995-95C9-E012AE13902D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*\",\"matchCriteriaId\":\"C63ACBE3-5BB2-483E-A5FE-87698E98354A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39D46C4-B153-4301-AE9C-57FB6BA64CD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55582DD-DEF7-4BF8-950C-E7E58BD29DE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF9B9132-19A1-4242-A129-E5A49F466EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9E32F3-06CF-482D-8313-3D098CDE8B6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A096214-84AD-44F5-BBEF-F9F17B9B0C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4989799F-143A-45E5-A30C-9E3203649770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E3D0CC6-D1A0-4784-BE93-319C7EE59134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FA32489-F098-43D2-80B7-89CFE0BE9A3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91C6388E-464B-4562-BC7B-7B4A66387B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"923B5711-853D-4A77-8FB3-D5C3D449518D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB1B136-F90E-426B-8010-F2D059E89DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"573486C8-0349-4BC9-AD7D-3FBF93DDB6AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473E71DD-F779-4F93-838A-AD6768BB8DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7196CF2D-8CCC-454A-A2C1-6408A9D636C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/10126\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17069\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2005/dsa-705\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.guninski.com/binls.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:106\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-309.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-310.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/advisories/6014\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.turbolinux.com/security/TLSA-2003-60.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/10126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.guninski.com/binls.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-309.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-310.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/advisories/6014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.turbolinux.com/security/TLSA-2003-60.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2003:309

Vulnerability from csaf_redhat

Published

2003-11-03 15:26

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities

Notes

Topic

Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Details

The fileutils package contains several basic system utilities. One of these utilities is the "ls" program, which is used to list information about files and directories. In Red Hat Linux 9, the ls program is part of the coreutils package. Georgi Guninski discovered a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue. A non-exploitable integer overflow in ls has also been discovered. It is possible to make ls crash by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue. This erratum contains new fileutils packages for Red Hat Linux versions 7.1, 7.2, 7.3, and 8.0. It also contains new coreutils packages for Red Hat Linux 9. These packages contain backported patches correcting these vulnerabilities. The Red Hat Linux 7.2 and 7.3 packages also add support for the O_DIRECT flag, which controls the use of synchronous I/O on file systems such as OCFS.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils and coreutils packages that close a potential denial of\nservice vulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. In Red Hat Linux 9, the ls program is part of\nthe coreutils package.\n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has also been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nThis erratum contains new fileutils packages for Red Hat Linux versions\n7.1, 7.2, 7.3, and 8.0.  It also contains new coreutils packages for Red\nHat Linux 9.  These packages contain backported patches correcting these\nvulnerabilities.\n\nThe Red Hat Linux 7.2 and 7.3 packages also add support for the\nO_DIRECT flag, which controls the use of synchronous I/O on file systems\nsuch as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:309",
        "url": "https://access.redhat.com/errata/RHSA-2003:309"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_309.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:38+00:00",
      "generator": {
        "date": "2024-11-21T22:52:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:309",
      "initial_release_date": "2003-11-03T15:26:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-03T15:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003_310

Vulnerability from csaf_redhat

Published

2003-11-12 14:06

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: fileutils security update

Notes

Topic

Updated fileutils packages that close a potential denial of service vulnerability are now available.

Details

The fileutils package contains several basic system utilities. One of these utilities is the "ls" program, which is used to list information about files and directories. Georgi Guninski discovered a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue. A non-exploitable integer overflow in ls has been discovered. It is possible to make ls crash by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue. Users are advised to update to these erratum packages, which contain backported security patches that correct these vulnerabilities. These packages also add support for the O_DIRECT flag, which controls the use of synchronous I/O on file systems such as OCFS.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils packages that close a potential denial of service\nvulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. \n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nUsers are advised to update to these erratum packages, which contain\nbackported security patches that correct these vulnerabilities.\n\nThese packages also add support for the O_DIRECT flag, which controls the\nuse of synchronous I/O on file systems such as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:310",
        "url": "https://access.redhat.com/errata/RHSA-2003:310"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "external",
        "summary": "107821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=107821"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_310.json"
      }
    ],
    "title": "Red Hat Security Advisory: fileutils security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:42+00:00",
      "generator": {
        "date": "2024-11-21T22:52:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:310",
      "initial_release_date": "2003-11-12T14:06:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-12T14:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003_309

Vulnerability from csaf_redhat

Published

2003-11-03 15:26

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities

Notes

Topic

Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils and coreutils packages that close a potential denial of\nservice vulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. In Red Hat Linux 9, the ls program is part of\nthe coreutils package.\n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has also been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nThis erratum contains new fileutils packages for Red Hat Linux versions\n7.1, 7.2, 7.3, and 8.0.  It also contains new coreutils packages for Red\nHat Linux 9.  These packages contain backported patches correcting these\nvulnerabilities.\n\nThe Red Hat Linux 7.2 and 7.3 packages also add support for the\nO_DIRECT flag, which controls the use of synchronous I/O on file systems\nsuch as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:309",
        "url": "https://access.redhat.com/errata/RHSA-2003:309"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_309.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:38+00:00",
      "generator": {
        "date": "2024-11-21T22:52:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:309",
      "initial_release_date": "2003-11-03T15:26:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-03T15:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:309

Vulnerability from csaf_redhat

Published

2003-11-03 15:26

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities

Notes

Topic

Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils and coreutils packages that close a potential denial of\nservice vulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. In Red Hat Linux 9, the ls program is part of\nthe coreutils package.\n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has also been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nThis erratum contains new fileutils packages for Red Hat Linux versions\n7.1, 7.2, 7.3, and 8.0.  It also contains new coreutils packages for Red\nHat Linux 9.  These packages contain backported patches correcting these\nvulnerabilities.\n\nThe Red Hat Linux 7.2 and 7.3 packages also add support for the\nO_DIRECT flag, which controls the use of synchronous I/O on file systems\nsuch as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:309",
        "url": "https://access.redhat.com/errata/RHSA-2003:309"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_309.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated fileutils/coreutils package fix ls vulnerabilities",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:38+00:00",
      "generator": {
        "date": "2024-11-21T22:52:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:309",
      "initial_release_date": "2003-11-03T15:26:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-03T15:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-03T15:26:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:309"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:310

Vulnerability from csaf_redhat

Published

2003-11-12 14:06

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: fileutils security update

Notes

Topic

Updated fileutils packages that close a potential denial of service vulnerability are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils packages that close a potential denial of service\nvulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. \n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nUsers are advised to update to these erratum packages, which contain\nbackported security patches that correct these vulnerabilities.\n\nThese packages also add support for the O_DIRECT flag, which controls the\nuse of synchronous I/O on file systems such as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:310",
        "url": "https://access.redhat.com/errata/RHSA-2003:310"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "external",
        "summary": "107821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=107821"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_310.json"
      }
    ],
    "title": "Red Hat Security Advisory: fileutils security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:42+00:00",
      "generator": {
        "date": "2024-11-21T22:52:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:310",
      "initial_release_date": "2003-11-12T14:06:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-12T14:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003:310

Vulnerability from csaf_redhat

Published

2003-11-12 14:06

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: fileutils security update

Notes

Topic

Updated fileutils packages that close a potential denial of service vulnerability are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated fileutils packages that close a potential denial of service\nvulnerability are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The fileutils package contains several basic system utilities. One of\nthese utilities is the \"ls\" program, which is used to list information\nabout files and directories. \n\nGeorgi Guninski discovered a memory starvation denial of service\nvulnerability in the ls program.  It is possible to make ls allocate a\nhuge amount of memory by specifying certain command line arguments.  This\nvulnerability is remotely exploitable through services like wu-ftpd, which\npass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.\n\nA non-exploitable integer overflow in ls has been discovered.  It is\npossible to make ls crash by specifying certain command line arguments. \nThis vulnerability is remotely exploitable through services like wu-ftpd,\nwhich pass user arguments to ls.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.\n\nUsers are advised to update to these erratum packages, which contain\nbackported security patches that correct these vulnerabilities.\n\nThese packages also add support for the O_DIRECT flag, which controls the\nuse of synchronous I/O on file systems such as OCFS.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:310",
        "url": "https://access.redhat.com/errata/RHSA-2003:310"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "102006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102006"
      },
      {
        "category": "external",
        "summary": "107821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=107821"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_310.json"
      }
    ],
    "title": "Red Hat Security Advisory: fileutils security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:42+00:00",
      "generator": {
        "date": "2024-11-21T22:52:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:310",
      "initial_release_date": "2003-11-12T14:06:00+00:00",
      "revision_history": [
        {
          "date": "2003-11-12T14:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-11-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0853",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617091"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617091",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617091"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0853",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0853"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0853"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0854",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617092"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617092",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617092"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
        }
      ],
      "release_date": "2003-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-11-12T14:06:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:310"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2003-0854

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

Aliases

CVE-2003-0854

Aliases

CVE-2003-0854

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0854",
    "description": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
    "id": "GSD-2003-0854",
    "references": [
      "https://www.debian.org/security/2005/dsa-705",
      "https://access.redhat.com/errata/RHSA-2003:310",
      "https://access.redhat.com/errata/RHSA-2003:309"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0854"
      ],
      "details": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
      "id": "GSD-2003-0854",
      "modified": "2023-12-13T01:22:13.726110Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0854",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-705",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2005/dsa-705"
          },
          {
            "name": "CLA-2003:771",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
          },
          {
            "name": "115",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/115"
          },
          {
            "name": "CLA-2003:768",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
          },
          {
            "name": "20031022 Fun with /bin/ls, yet still ls better than windows",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
          },
          {
            "name": "RHSA-2003:309",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
          },
          {
            "name": "TLSA-2003-60",
            "refsource": "TURBO",
            "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
          },
          {
            "name": "RHSA-2003:310",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
          },
          {
            "name": "IMNX-2003-7+-026-01",
            "refsource": "IMMUNIX",
            "url": "http://www.securityfocus.com/advisories/6014"
          },
          {
            "name": "17069",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17069"
          },
          {
            "name": "http://www.guninski.com/binls.html",
            "refsource": "MISC",
            "url": "http://www.guninski.com/binls.html"
          },
          {
            "name": "10126",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/10126"
          },
          {
            "name": "MDKSA-2003:106",
            "refsource": "MANDRAKE",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0854"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20031022 Fun with /bin/ls, yet still ls better than windows",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
            },
            {
              "name": "http://www.guninski.com/binls.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.guninski.com/binls.html"
            },
            {
              "name": "DSA-705",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2005/dsa-705"
            },
            {
              "name": "RHSA-2003:309",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
            },
            {
              "name": "RHSA-2003:310",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
            },
            {
              "name": "IMNX-2003-7+-026-01",
              "refsource": "IMMUNIX",
              "tags": [],
              "url": "http://www.securityfocus.com/advisories/6014"
            },
            {
              "name": "TLSA-2003-60",
              "refsource": "TURBO",
              "tags": [],
              "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
            },
            {
              "name": "10126",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/10126"
            },
            {
              "name": "17069",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17069"
            },
            {
              "name": "CLA-2003:768",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
            },
            {
              "name": "CLA-2003:771",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
            },
            {
              "name": "MDKSA-2003:106",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
            },
            {
              "name": "115",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/115"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2003-11-17T05:00Z"
    }
  }
}

ghsa-qjv8-gc24-r5w4

Vulnerability from github

Published

2022-04-29 01:27

Modified

2022-04-29 01:27

Details

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0854"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-11-17T05:00:00Z",
    "severity": "LOW"
  },
  "details": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.",
  "id": "GHSA-qjv8-gc24-r5w4",
  "modified": "2022-04-29T01:27:06Z",
  "published": "2022-04-29T01:27:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0854"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/115"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/10126"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17069"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-705"
    },
    {
      "type": "WEB",
      "url": "http://www.guninski.com/binls.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/advisories/6014"
    },
    {
      "type": "WEB",
      "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2003-0854

Vulnerability from fkie_nvd

Published

2003-11-17 05:00

Modified

2024-11-20 23:45

Severity ?

Summary

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
cve@mitre.org	http://secunia.com/advisories/10126	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/17069	Vendor Advisory
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
cve@mitre.org	http://www.debian.org/security/2005/dsa-705
cve@mitre.org	http://www.guninski.com/binls.html
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-309.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-310.html
cve@mitre.org	http://www.securityfocus.com/advisories/6014
cve@mitre.org	http://www.turbolinux.com/security/TLSA-2003-60.txt
cve@mitre.org	https://www.exploit-db.com/exploits/115
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/10126	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17069	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-705
af854a3a-2127-422b-91ae-364da2661108	http://www.guninski.com/binls.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-309.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-310.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/advisories/6014
af854a3a-2127-422b-91ae-364da2661108	http://www.turbolinux.com/security/TLSA-2003-60.txt
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/115

Impacted products

Vendor	Product	Version
gnu	fileutils	4.0
gnu	fileutils	4.0.36
gnu	fileutils	4.1
gnu	fileutils	4.1.6
gnu	fileutils	4.1.7
washington_university	wu-ftpd	2.4.1
washington_university	wu-ftpd	2.4.2_beta2
washington_university	wu-ftpd	2.4.2_beta18
washington_university	wu-ftpd	2.4.2_beta18_vr4
washington_university	wu-ftpd	2.4.2_beta18_vr5
washington_university	wu-ftpd	2.4.2_beta18_vr6
washington_university	wu-ftpd	2.4.2_beta18_vr7
washington_university	wu-ftpd	2.4.2_beta18_vr8
washington_university	wu-ftpd	2.4.2_beta18_vr9
washington_university	wu-ftpd	2.4.2_beta18_vr10
washington_university	wu-ftpd	2.4.2_beta18_vr11
washington_university	wu-ftpd	2.4.2_beta18_vr12
washington_university	wu-ftpd	2.4.2_beta18_vr13
washington_university	wu-ftpd	2.4.2_beta18_vr14
washington_university	wu-ftpd	2.4.2_beta18_vr15
washington_university	wu-ftpd	2.4.2_vr16
washington_university	wu-ftpd	2.4.2_vr17
washington_university	wu-ftpd	2.5.0
washington_university	wu-ftpd	2.6.0
washington_university	wu-ftpd	2.6.1
washington_university	wu-ftpd	2.6.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
              "matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
              "matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
              "matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
              "matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
    },
    {
      "lang": "es",
      "value": "ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd."
    }
  ],
  "id": "CVE-2003-0854",
  "lastModified": "2024-11-20T23:45:40.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-11-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.guninski.com/binls.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/advisories/6014"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.guninski.com/binls.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/advisories/6014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/115"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from gsd

Vulnerability from github

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature