Test ID: | 1.3.6.1.4.1.25623.1.0.51475 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLA-2003:771 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory CLA-2003:771.

The anonftp package contains a chroot environment used by some FTP servers (e.g. wu-ftpd) when serving anonymous FTP sessions. Among the utilities provided is the ls program, used to list information about files and directories.

This update is a follow-up to the CLSA-2003:768 announcement[1], which fixed a memory starvation vulnerability in the ls program (from the fileutils package). Since the anonftp package contains a copy of the ls program, it is also being updated.

Below is a copy of our previous text describing the vulnerability:

Georgi Guninski discovered[2] a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by calling it with the parameters -w X -C (where X is an arbitrarily large number). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0854[3] to this issue.

This vulnerability is remotely exploitable in scenarios where remote applications allow users to call ls without filtering the supplied parameters. An example of such a scenario is the use of the wu-ftpd FTP server.

Additionally, this update fixes an integer overflow in ls which seems to be non-exploitable. The overflow occurs in the usage of the -w parameter under the same circumstances as the aforementioned memory starvation vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0853[4] to this issue.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000768&idioma=en
http://www.guninski.com/binls.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:771
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Medium
CVSS Score: 5.0 |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0854
Conectiva Linux advisory: CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
Conectiva Linux advisory: CLA-2003:771 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
Debian Security Information: DSA-705 http://www.debian.org/security/2005/dsa-705
https://www.exploit-db.com/exploits/115
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
Immunix Linux Advisory: IMNX-2003-7+-026-01 http://www.securityfocus.com/advisories/6014
http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
http://www.guninski.com/binls.html
http://www.redhat.com/support/errata/RHSA-2003-309.html
http://www.redhat.com/support/errata/RHSA-2003-310.html
http://secunia.com/advisories/10126
http://secunia.com/advisories/17069
TurboLinux Advisory: TLSA-2003-60 http://www.turbolinux.com/security/TLSA-2003-60.txt

Common Vulnerability Exposure (CVE) ID: CVE-2003-0853
BugTraq ID: 8875 http://www.securityfocus.com/bid/8875 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |