Mandrake Linux Security Advisory : fileutils/coreutils (MDKSA-2003:106)
Medium Nessus Plugin ID 14088
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).
Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd.
The provided packages include a patched ls to fix these problems.
Solution
Update the affected coreutils, coreutils-doc and/or fileutils packages.