FTP: GNU ls Oversize Width Denial of Service

This signature detects denial-of-service (DoS) attempts against GNU ls. If the FTP daemon uses a vulnerable version of GNU ls, attackers can send an oversized width parameter to GNU ls to cause the server CPU utilization to temporarily reach 100% and exhaust system memory. This condition can persist for several minutes depending on the width specified.

Extended Description

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based off this misrepresented value may have unintentional results. Additionally it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software.

Affected Products

Sun cobalt_raq_4,Gnu fileutils

References

CVE: CVE-2003-0854

URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1604.html http://www.securityfocus.com/advisories/6014 http://www.securityfocus.com/bid/8875

Short Name

FTP:REQERR:GNULS-WIDTH-DOS

Severity

Minor

Recommended

False

Recommended Action

None

FTP: GNU ls Oversize Width Denial of Service

Extended Description

Affected Products

References

Found a potential security threat?