Lucene search

[email protected]CVE-2003-0854

HistoryNov 17, 2003 - 5:00 a.m.

CVE-2003-0854

2003-11-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0854

fileutils

coreutils

memory consumption

wu-ftpd

nvd

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

CPENameOperatorVersion
gnu:fileutilsgnu fileutilseq4.0
washington_university:wu-ftpdwashington university wu-ftpdeq2.4.2_beta18
washington_university:wu-ftpdwashington university wu-ftpdeq2.4.2_beta18_vr14
washington_university:wu-ftpdwashington university wu-ftpdeq2.5.0
washington_university:wu-ftpdwashington university wu-ftpdeq2.4.2_vr17
washington_university:wu-ftpdwashington university wu-ftpdeq2.4.2_beta18_vr9
gnu:fileutilsgnu fileutilseq4.0.36
washington_university:wu-ftpdwashington university wu-ftpdeq2.4.1
gnu:fileutilsgnu fileutilseq4.1
gnu:fileutilsgnu fileutilseq4.1.7

CPE	Name	Operator	Version
gnu:fileutils	gnu fileutils	eq	4.0
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.4.2_beta18
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.4.2_beta18_vr14
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.5.0
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.4.2_vr17
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.4.2_beta18_vr9
gnu:fileutils	gnu fileutils	eq	4.0.36
washington_university:wu-ftpd	washington university wu-ftpd	eq	2.4.1
gnu:fileutils	gnu fileutils	eq	4.1
gnu:fileutils	gnu fileutils	eq	4.1.7

Rows per page:

1-10 of 261

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771

lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html

secunia.com/advisories/10126

secunia.com/advisories/17069

support.avaya.com/elmodocs2/security/ASA-2005-213.pdf

www.debian.org/security/2005/dsa-705

www.guninski.com/binls.html

www.mandriva.com/security/advisories?name=MDKSA-2003:106

www.redhat.com/support/errata/RHSA-2003-309.html

www.redhat.com/support/errata/RHSA-2003-310.html

www.securityfocus.com/advisories/6014

www.turbolinux.com/security/TLSA-2003-60.txt

www.exploit-db.com/exploits/115

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0854

debiancve1 openvas4 debian2 nessus4 redhat1 osv1