Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
FTP:REQERR:GNULS-WIDTH-DOS |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
FTP |
Keywords |
GNU ls Oversize Width Denial of Service |
Release Date |
2003/11/05 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: GNU ls Oversize Width Denial of Service
This signature detects denial-of-service (DoS) attempts against GNU ls. If the FTP daemon uses a vulnerable version of GNU ls, attackers can send an oversized width parameter to GNU ls to cause the server CPU utilization to temporarily reach 100% and exhaust system memory. This condition can persist for several minutes depending on the width specified.
Extended Description
Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based off this misrepresented value may have unintentional results. Additionally it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software.
Affected Products
- Avaya cvlan
- Avaya integrated_management 2.1.0
- Avaya integrated_management
- Gnu coreutils 4.5.1
- Gnu coreutils 4.5.10
- Gnu coreutils 4.5.11
- Gnu coreutils 4.5.12
- Gnu coreutils 4.5.2
- Gnu coreutils 4.5.3
- Gnu coreutils 4.5.4
- Gnu coreutils 4.5.5
- Gnu coreutils 4.5.6
- Gnu coreutils 4.5.7
- Gnu coreutils 4.5.8
- Gnu coreutils 4.5.9
- Gnu coreutils 5.0.0
- Gnu fileutils 4.0.0
- Gnu fileutils 4.0.33
- Gnu fileutils 4.0.36
- Gnu fileutils 4.1.0
- Gnu fileutils 4.1.1
- Gnu fileutils 4.1.11
- Gnu fileutils 4.1.5
- Gnu fileutils 4.1.6
- Gnu fileutils 4.1.7
- Gnu fileutils 4.1.9
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_ws 2.1
- Sgi propack 2.2.1
- Sgi propack 2.3.0
- Sun cobalt_qube_3
- Sun cobalt_raq_4
- Sun cobalt_raq_xtr
- Washington_university wu-ftpd 2.4.1
- Washington_university wu-ftpd 2.4.2 academ[BETA1-15]
- Washington_university wu-ftpd 2.4.2 academ[BETA-18]
- Washington_university wu-ftpd 2.4.2 (beta 18) VR10
- Washington_university wu-ftpd 2.4.2 (beta 18) VR11
- Washington_university wu-ftpd 2.4.2 (beta 18) VR12
- Washington_university wu-ftpd 2.4.2 (beta 18) VR13
- Washington_university wu-ftpd 2.4.2 (beta 18) VR14
- Washington_university wu-ftpd 2.4.2 (beta 18) VR15
- Washington_university wu-ftpd 2.4.2 (beta 18) VR4
- Washington_university wu-ftpd 2.4.2 (beta 18) VR5
- Washington_university wu-ftpd 2.4.2 (beta 18) VR6
- Washington_university wu-ftpd 2.4.2 (beta 18) VR7
- Washington_university wu-ftpd 2.4.2 (beta 18) VR8
- Washington_university wu-ftpd 2.4.2 (beta 18) VR9
- Washington_university wu-ftpd 2.4.2 VR16
- Washington_university wu-ftpd 2.4.2 VR17
- Washington_university wu-ftpd 2.5.0 .0
- Washington_university wu-ftpd 2.6.0 .0
- Washington_university wu-ftpd 2.6.1
- Washington_university wu-ftpd 2.6.2
References