Test ID: | 1.3.6.1.4.1.25623.1.0.51010 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2003:310 |
Summary: | NOSUMMARY |
Description:
The remote host is missing updates announced in advisory RHSA-2003:310.

The fileutils package contains several basic system utilities. One of these utilities is the ls program, which is used to list information about files and directories.

Georgi Guninski discovered a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0854 to this issue.

A non-exploitable integer overflow in ls has been discovered. It is possible to make ls crash by specifying certain command line arguments. This vulnerability is remotely exploitable through services like wu-ftpd, which pass user arguments to ls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0853 to this issue.

Users are advised to update to these erratum packages, which contain backported security patches that correct these vulnerabilities. These packages also add support for the O_DIRECT flag, which controls the use of synchronous I/O on file systems such as OCFS.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2003-310.html

Risk factor: Medium
CVSS Score: 5.0
Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2003-0853
BugTraq ID: 8875
http://www.securityfocus.com/bid/8875
Conectiva Linux advisory: CLA-2003:768
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
Conectiva Linux advisory: CLA-2003:771
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
Immunix Linux Advisory: IMNX-2003-7+-026-01
http://www.securityfocus.com/advisories/6014
http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
http://www.guninski.com/binls.html
http://www.redhat.com/support/errata/RHSA-2003-309.html
http://www.redhat.com/support/errata/RHSA-2003-310.html
http://secunia.com/advisories/10126
http://secunia.com/advisories/17069
TurboLinux Advisory: TLSA-2003-60
http://www.turbolinux.com/security/TLSA-2003-60.txt

Common Vulnerability Exposure (CVE) ID: CVE-2003-0854
Debian Security Information: DSA-705
http://www.debian.org/security/2005/dsa-705
https://www.exploit-db.com/exploits/115
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |