Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2003:106: fileutils/coreutils

Vulnerability Assessment Details

MDKSA-2003:106: fileutils/coreutils

Vulnerability Assessment Summary
Check for the version of the fileutils/coreutils package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2003:106 (fileutils/coreutils).

A memory starvation denial of service vulnerability in the ls program was
discovered by Georgi Guninski. It is possible to allocate a huge amount of
memory by specifying certain command-line arguments. It is also possible to
exploit this remotely via programs that call ls such as wu-ftpd (although
wu-ftpd is no longer shipped with Mandrake Linux).
Likewise, a non-exploitable integer overflow problem was discovered in ls, which
can be used to crash ls by specifying certain command-line arguments. This can
also be triggered via remotely accessible services such as wu-ftpd.
The provided packages include a patched ls to fix these problems.

Solution :
Network Security Threat Level: High

Networks Security ID: 8875

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

DELL 2.5 Dell Samsung 50GB 2.5" SATA II Solid State Drive MCCOE50G5MPQ-0VAD3 0G914J
 Dell Samsung 50GB 2.5Samsung 850 EVO 250GB SSD 2.5-Inch SATA III Crucial Internal Solid State Drive
Samsung 850 EVO 250GB SSD 2.5-Inch SATA III Crucial Internal Solid State Drive  pictureCrucial M4 Solid State Drive SSD 2.5" 256GB SATA 6Gb/s M4-CT256M4SSD2
Crucial M4 Solid State Drive SSD 2.5


No Discussions have been posted on this vulnerability.