|Category:||Red Hat Local Security Checks|
|Title:||RedHat Security Advisory RHSA-2003:310|
The remote host is missing updates announced in
The fileutils package contains several basic system utilities. One of
these utilities is the ls program, which is used to list information
about files and directories.
Georgi Guninski discovered a memory starvation denial of service
vulnerability in the ls program. It is possible to make ls allocate a
huge amount of memory by specifying certain command line arguments. This
vulnerability is remotely exploitable through services like wu-ftpd, which
pass user arguments to ls. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0854 to this issue.
A non-exploitable integer overflow in ls has been discovered. It is
possible to make ls crash by specifying certain command line arguments.
This vulnerability is remotely exploitable through services like wu-ftpd,
which pass user arguments to ls. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0853 to this issue.
Users are advised to update to these erratum packages, which contain
backported security patches that correct these vulnerabilities.
These packages also add support for the O_DIRECT flag, which controls the
use of synchronous I/O on file systems such as OCFS.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
Risk factor : Medium
Common Vulnerability Exposure (CVE) ID: CVE-2003-0853|
BugTraq ID: 8875
Conectiva Linux advisory: CLA-2003:768
Conectiva Linux advisory: CLA-2003:771
Immunix Linux Advisory: IMNX-2003-7+-026-01
TurboLinux Advisory: TLSA-2003-60
Common Vulnerability Exposure (CVE) ID: CVE-2003-0854
Debian Security Information: DSA-705 (Google Search)
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.