 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51473 |
| Categoría: | Conectiva Local Security Checks |
| Título: | Conectiva Security Advisory CLA-2003:768 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory CLA-2003:768. The fileutils package contains several basic system utilities. One of these utilities is the ls program, used to list information about files and directories. Georgi Guninski discovered[1] a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by calling it with the parameters -w X -C (where X is an arbitrary large number). This vulnerability is remotely exploitable in scenarios where remote applications allow an user to call ls without filtering the supplied parameters. An example of such scenario is the use of the wu-ftpd FTP server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0854[2] to this issue. Additionally, this update fixes an integer overflow in ls which seems non-exploitable. The overflow occurs in the usage of the -w parameter under the same circumstances of the aforementioned memory starvation vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0853[3] to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.guninski.com/binls.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0854 Conectiva Linux advisory: CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 Conectiva Linux advisory: CLA-2003:771 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 Debian Security Information: DSA-705 (Google Search) http://www.debian.org/security/2005/dsa-705 https://www.exploit-db.com/exploits/115 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html Immunix Linux Advisory: IMNX-2003-7+-026-01 http://www.securityfocus.com/advisories/6014 http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 http://www.guninski.com/binls.html http://www.redhat.com/support/errata/RHSA-2003-309.html http://www.redhat.com/support/errata/RHSA-2003-310.html http://secunia.com/advisories/10126 http://secunia.com/advisories/17069 TurboLinux Advisory: TLSA-2003-60 http://www.turbolinux.com/security/TLSA-2003-60.txt Common Vulnerability Exposure (CVE) ID: CVE-2003-0853 BugTraq ID: 8875 http://www.securityfocus.com/bid/8875 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |