MDKSA-2003:106

Package name

fileutils/coreutils

Date

2003-11-12

Advisory ID

MDKSA-2003:106

Affected versions

9.2 amd64 , CS2.1 x86_64 , CS2.1 i586 , 9.2 i586 , 9.0 i586 , 9.1 i586 , MNF8.2 i586 , 9.1 i586

Problem description

A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux). Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd. The provided packages include a patched ls to fix these problems.

Updated packages

9.2 amd64

 545b66d772c7a3e28dd20ea691c6155e  amd64/9.2/RPMS/coreutils-5.0-7.1.92mdk.amd64.rpm
ada7ab45a90d987064cb03d394517093  amd64/9.2/RPMS/coreutils-doc-5.0-7.1.92mdk.amd64.rpm
f285276dbcbf6d5525b71dd89f0fe708  amd64/9.2/SRPMS/coreutils-5.0-7.1.92mdk.src.rpm

CS2.1 x86_64

 5f0423cafb85f403e452bcbb07b97939  x86_64/corporate/2.1/RPMS/fileutils-4.1.11-6.1.C21mdk.x86_64.rpm
755655b2a0d372db45ef572c94c50cea  x86_64/corporate/2.1/SRPMS/fileutils-4.1.11-6.1.C21mdk.src.rpm

CS2.1 i586

 be970695fbd846472dd40b008f0b5274  corporate/2.1/RPMS/fileutils-4.1.11-6.1.C21mdk.i586.rpm
755655b2a0d372db45ef572c94c50cea  corporate/2.1/SRPMS/fileutils-4.1.11-6.1.C21mdk.src.rpm

9.2 i586

 587ee8916dd706159b5493efab81d42c  9.2/RPMS/coreutils-5.0-6.1.92mdk.i586.rpm
43d4d0f6a4d23ccd46185463dd9b81f8  9.2/RPMS/coreutils-doc-5.0-6.1.92mdk.i586.rpm
29080c00ef5c478f4d544de55d60c486  9.2/SRPMS/coreutils-5.0-6.1.92mdk.src.rpm

9.0 i586

 4430a81aede9dd918a9a96e1a4af0b1b  9.0/RPMS/fileutils-4.1.11-6.1.90mdk.i586.rpm
a736eb75b14966d35195b6d5196c1be3  9.0/SRPMS/fileutils-4.1.11-6.1.90mdk.src.rpm

9.1 i586

 05770c5811e1004eb6f66b3bf4d1b7f2  9.1/RPMS/coreutils-4.5.7-1.1.91mdk.i586.rpm
36465c666100e890d721d44e4fc858a1  9.1/RPMS/coreutils-doc-4.5.7-1.1.91mdk.i586.rpm
da9f5e3a516440e5e0cebc013025b625  9.1/SRPMS/coreutils-4.5.7-1.1.91mdk.src.rpm

MNF8.2 i586

 b117277bbd61ad6d9a87d3c8fc675811  mnf8.2/RPMS/fileutils-4.1.5-4.2.M82mdk.i586.rpm
ba3dea1c45822fa314e0c23be2474ee9  mnf8.2/SRPMS/fileutils-4.1.5-4.2.M82mdk.src.rpm

9.1 i586

 d47798f3066dff738cd24497b2c10981  ppc/9.1/RPMS/coreutils-4.5.7-1.1.91mdk.ppc.rpm
b363a38d0c1b3497bdc275b52704e51b  ppc/9.1/RPMS/coreutils-doc-4.5.7-1.1.91mdk.ppc.rpm
da9f5e3a516440e5e0cebc013025b625  ppc/9.1/SRPMS/coreutils-4.5.7-1.1.91mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853