NVD Vulnerability Detail

CVE-2003-0854

Summary	ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Publication Date	Nov. 17, 2003, 2 p.m.
Registration Date	Jan. 29, 2021, 6:02 p.m.
Last Update	Oct. 11, 2017, 10:29 a.m.

CVSS2.0 : LOW
Score	2.1
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:fileutils:4.0:::::::*
cpe:2.3:a:gnu:fileutils:4.0.36:::::::*
cpe:2.3:a:gnu:fileutils:4.1:::::::*
cpe:2.3:a:gnu:fileutils:4.1.6:::::::*
cpe:2.3:a:gnu:fileutils:4.1.7:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.1:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2::academ:::::
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18::academ:::::
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.5.0:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.0:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.1:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768	CONECTIVA
2	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771	CONECTIVA
3	http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html	FULLDISC
4	http://secunia.com/advisories/10126	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/17069	SECUNIA	Vendor Advisory
6	http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf	CONFIRM
7	http://www.debian.org/security/2005/dsa-705	DEBIAN
8	http://www.guninski.com/binls.html	MISC
9	http://www.mandriva.com/security/advisories?name=MDKSA-2003:106	MANDRAKE
10	http://www.redhat.com/support/errata/RHSA-2003-309.html	REDHAT
11	http://www.redhat.com/support/errata/RHSA-2003-310.html	REDHAT
12	http://www.securityfocus.com/advisories/6014	IMMUNIX
13	http://www.turbolinux.com/security/TLSA-2003-60.txt	TURBO
14	https://www.exploit-db.com/exploits/115	EXPLOIT-DB

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:fileutils:4.0:::::::*
cpe:2.3:a:gnu:fileutils:4.0.36:::::::*
cpe:2.3:a:gnu:fileutils:4.1:::::::*
cpe:2.3:a:gnu:fileutils:4.1.6:::::::*
cpe:2.3:a:gnu:fileutils:4.1.7:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.1:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2::academ:::::
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18::academ:::::
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.5.0:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.0:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.1:::::::*
cpe:2.3:a:washington_university:wu-ftpd:2.6.2:::::::*