 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.51473 |
| Kategorie: | Conectiva Local Security Checks |
| Titel: | Conectiva Security Advisory CLA-2003:768 |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory CLA-2003:768. The fileutils package contains several basic system utilities. One of these utilities is the ls program, used to list information about files and directories. Georgi Guninski discovered[1] a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by calling it with the parameters -w X -C (where X is an arbitrary large number). This vulnerability is remotely exploitable in scenarios where remote applications allow an user to call ls without filtering the supplied parameters. An example of such scenario is the use of the wu-ftpd FTP server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0854[2] to this issue. Additionally, this update fixes an integer overflow in ls which seems non-exploitable. The overflow occurs in the usage of the -w parameter under the same circumstances of the aforementioned memory starvation vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0853[3] to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.guninski.com/binls.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0 |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0854 Conectiva Linux advisory: CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 Conectiva Linux advisory: CLA-2003:771 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 Debian Security Information: DSA-705 (Google Search) http://www.debian.org/security/2005/dsa-705 https://www.exploit-db.com/exploits/115 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html Immunix Linux Advisory: IMNX-2003-7+-026-01 http://www.securityfocus.com/advisories/6014 http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 http://www.guninski.com/binls.html http://www.redhat.com/support/errata/RHSA-2003-309.html http://www.redhat.com/support/errata/RHSA-2003-310.html http://secunia.com/advisories/10126 http://secunia.com/advisories/17069 TurboLinux Advisory: TLSA-2003-60 http://www.turbolinux.com/security/TLSA-2003-60.txt Common Vulnerability Exposure (CVE) ID: CVE-2003-0853 BugTraq ID: 8875 http://www.securityfocus.com/bid/8875 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |