|
ls/dir Width Parameter Denial of Service Vulnerability
|
|
Secunia Advisory:
|
SA10059
|
|
|
Release Date:
|
2003-10-23
|
|
Last Update:
|
2004-03-04
|
|
Popularity:
|
8,909 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | GNU Core Utilities (coreutils) 5.x
GNU File Utilities (fileutils) 4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Two vulnerabilities have been identified in fileutils and coreutils, which can be exploited by malicious users to cause a DoS (Denial of Service).
It is possible to cause the "ls" and "dir" programs to consume large amounts of memory by supplying an overly large integer value as argument to the "-w" parameter.
Successful exploitation results in an integer overflow but this is reportedly not believed to be exploitable for command execution.
The vulnerabilities can also be triggered remotely via applications calling "ls" or "dir" without filtering input (eg. via WU-FTPD).
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
