 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51473 |
| Category: | Conectiva Local Security Checks |
| Title: | Conectiva Security Advisory CLA-2003:768 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory CLA-2003:768. The fileutils package contains several basic system utilities. One of these utilities is the ls program, used to list information about files and directories. Georgi Guninski discovered[1] a memory starvation denial of service vulnerability in the ls program. It is possible to make ls allocate a huge amount of memory by calling it with the parameters -w X -C (where X is an arbitrary large number). This vulnerability is remotely exploitable in scenarios where remote applications allow an user to call ls without filtering the supplied parameters. An example of such scenario is the use of the wu-ftpd FTP server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0854[2] to this issue. Additionally, this update fixes an integer overflow in ls which seems non-exploitable. The overflow occurs in the usage of the -w parameter under the same circumstances of the aforementioned memory starvation vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0853[3] to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.guninski.com/binls.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0854 Conectiva Linux advisory: CLA-2003:768 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 Conectiva Linux advisory: CLA-2003:771 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 Debian Security Information: DSA-705 (Google Search) http://www.debian.org/security/2005/dsa-705 https://www.exploit-db.com/exploits/115 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html Immunix Linux Advisory: IMNX-2003-7+-026-01 http://www.securityfocus.com/advisories/6014 http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 http://www.guninski.com/binls.html http://www.redhat.com/support/errata/RHSA-2003-309.html http://www.redhat.com/support/errata/RHSA-2003-310.html http://secunia.com/advisories/10126 http://secunia.com/advisories/17069 TurboLinux Advisory: TLSA-2003-60 http://www.turbolinux.com/security/TLSA-2003-60.txt Common Vulnerability Exposure (CVE) ID: CVE-2003-0853 BugTraq ID: 8875 http://www.securityfocus.com/bid/8875 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |