Vulnerability Name:

CVE-2003-0853 (CCN-13495)

Assigned:2003-10-12
Published:2003-10-12
Updated:2008-09-10
Summary:An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2003-0853

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:768

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:771

Source: CCN
Type: Conectiva Linux Announcement CLSA-2003:768
fileutils

Source: CCN
Type: Conectiva Linux Announcement CLSA-2003:771
anonftp - Remote denial of service vulnerability

Source: FULLDISC
Type: UNKNOWN
20031022 Fun with /bin/ls, yet still ls better than windows

Source: CCN
Type: GNU Mailing List, Sun, 12 Oct 2003 22:46:46 +0300
integer overflow in /bin/ls

Source: CCN
Type: RHSA-2003-309
Updated fileutils/coreutils package fix ls vulnerabilities

Source: CCN
Type: RHSA-2003-310
fileutils security update

Source: SECUNIA
Type: UNKNOWN
10126

Source: CCN
Type: SA17069
Avaya Products "ls" Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17069

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf

Source: CCN
Type: Georgi Guninski Security Advisory #62
Fun with /bin/ls, yet still ls better than windows

Source: MISC
Type: UNKNOWN
http://www.guninski.com/binls.html

Source: CCN
Type: Immunix Secured OS Security Advisory IMNX-2003-7+-026-01
fileutils

Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0042
coreutils/fileutils/anonftp

Source: CCN
Type: SCO Security Advisory CSSA-2004-006.0
OpenLinux: Integer overflow may allow local users to cause a denial of service or possibly execute arbitrary code

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:106

Source: REDHAT
Type: UNKNOWN
RHSA-2003:309

Source: REDHAT
Type: UNKNOWN
RHSA-2003:310

Source: IMMUNIX
Type: UNKNOWN
IMNX-2003-7+-026-01

Source: BID
Type: Exploit, Patch, Vendor Advisory
8875

Source: CCN
Type: BID-8875
Coreutils LS Width Argument Integer Overflow Vulnerability

Source: CCN
Type: TLSA-2003-60
ls vulnerabilities

Source: TURBO
Type: UNKNOWN
TLSA-2003-60

Source: XF
Type: UNKNOWN
ls-w-integer-overflow(13495)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:fileutils:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:fileutils:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    gnu fileutils 4.0
    gnu fileutils 4.0.36
    gnu fileutils 4.1
    gnu fileutils 4.1.6
    gnu fileutils 4.1.7
    washington_university wu-ftpd 2.4.1
    washington_university wu-ftpd 2.4.2_beta2
    washington_university wu-ftpd 2.4.2_beta18
    washington_university wu-ftpd 2.4.2_beta18_vr4
    washington_university wu-ftpd 2.4.2_beta18_vr5
    washington_university wu-ftpd 2.4.2_beta18_vr6
    washington_university wu-ftpd 2.4.2_beta18_vr7
    washington_university wu-ftpd 2.4.2_beta18_vr8
    washington_university wu-ftpd 2.4.2_beta18_vr9
    washington_university wu-ftpd 2.4.2_beta18_vr10
    washington_university wu-ftpd 2.4.2_beta18_vr11
    washington_university wu-ftpd 2.4.2_beta18_vr12
    washington_university wu-ftpd 2.4.2_beta18_vr13
    washington_university wu-ftpd 2.4.2_beta18_vr14
    washington_university wu-ftpd 2.4.2_beta18_vr15
    washington_university wu-ftpd 2.4.2_vr16
    washington_university wu-ftpd 2.4.2_vr17
    washington_university wu-ftpd 2.5.0
    washington_university wu-ftpd 2.6.0
    washington_university wu-ftpd 2.6.1
    washington_university wu-ftpd 2.6.2
    redhat linux 7.1
    trustix secure linux 1.2
    turbolinux turbolinux server 6.5
    conectiva linux 7.0
    trustix secure linux 1.5
    redhat linux 7.2
    conectiva linux 8.0
    redhat linux 7.3
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    mandrakesoft mandrake multi network firewall 8.2
    turbolinux turbolinux server 6.1
    turbolinux turbolinux workstation 6.0
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat enterprise linux 2.1
    conectiva linux 9.0
    trustix secure linux 2.0
    mandrakesoft mandrake linux 9.2
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux corporate server 2.1