[UNIX] GNU Coreutils DoS and Code Execution in ls/dir Commands

From: SecuriTeam (support_at_securiteam.com)
Date: 03/07/04

    To: list@securiteam.com
    Date: 7 Mar 2004 12:55:36 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      GNU Coreutils DoS and Code Execution in ls/dir Commands
    ------------------------------------------------------------------------

    SUMMARY

    GNU Coreutils is a set of standard utilities included in all Linux
    distributions. An integer overflow vulnerability exists in the 'ls' and
    'dir' commands. Malicious use of the 'ls' command can corrupt the stack
    and cause a denial of service by exhausting available CPU and memory
    resources.

    DETAILS

    Vulnerable Systems:
     * Coreutils versions prior to 5.2.0

    Immune Systems:
     * Coreutils version 5.2.0

    CVE Information:
     CAN-2003-0854
     <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854>

    A while ago, an integer overflow vulnerability was found in 'ls' by Georgi
    Guninski, allowing an attacker to consume CPU resources due to stack
    corruption, and *potentially* execute arbitrary code remotely (due to
    usage of 'ls' by Internet daemons like 'WU-FTPD'). Recently fixed
    coreutils packages seem to be vulnerable to a slightly different bug.

    Specifically, a bug exists in the handling of arguments passed to 'ls' via
    the '-w' flag. If a very large integer is given as an argument, large
    amounts of CPU and memory resources are consumed due to the stack being
    corrupted. Although it is unlikely that any program would call 'ls' with
    the width flag, such a scenario could allow arbitrary code execution on
    the machine. At a minimum, a denial of service will occur.
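
    The arithmetic behind this class of bug, as an added example (not coreutils
    source and not part of the original advisory): with a hypothetical 4-byte
    element size, the advisory's test value 1073741828 (2^30 + 4) makes a 32-bit
    size computation wrap to 16, while the checked variants reject it. ELEM_SIZE,
    MAX_WIDTH and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ELEM_SIZE 4u    /* hypothetical per-column element size (assumption) */
#define MAX_WIDTH 4096u /* hypothetical policy limit on -w (assumption) */

/* Unchecked 32-bit size computation: wraps modulo 2^32 on large input. */
uint32_t unchecked_alloc_size(uint32_t width)
{
    return (uint32_t)(width * ELEM_SIZE);
}

/* Checked variant: returns 0 and stores the size, or -1 if it would wrap. */
int checked_alloc_size(uint32_t width, uint32_t *out)
{
    if (width > UINT32_MAX / ELEM_SIZE)
        return -1;
    *out = width * ELEM_SIZE;
    return 0;
}

/* Parse a width argument; accept only plain decimal in 1..MAX_WIDTH. */
int parse_width(const char *arg, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (arg == NULL || !isdigit((unsigned char)arg[0]))
        return -1;              /* rejects "", signs and leading spaces */
    errno = 0;
    v = strtoull(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > MAX_WIDTH)
        return -1;              /* trailing junk, zero, or out of range */
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint32_t w = 1073741828u, size = 0, parsed = 0; /* value from the advisory */

    printf("unchecked: %u elements -> %u bytes\n", (unsigned)w, (unsigned)unchecked_alloc_size(w));
    printf("checked:   %s\n", checked_alloc_size(w, &size) ? "rejected" : "ok");
    printf("parse:     %s\n", parse_width("1073741828", &parsed) ? "rejected" : "ok");
    return 0;
}
```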

    In order to test your version of 'ls' for this vulnerability, type the
    following command in the shell:

    $ ls -w 1073741828

    Note: This would lead to a complete DoS of the system if done as root. In
    order to minimize the effect it might be possible to limit the amount of
    CPU and memory available to the non-privileged user before executing the
    command as that user.

    Workaround
    Upgrade your coreutils to the specified version.

    ADDITIONAL INFORMATION

    The information has been provided by Shaun Colley
    <shaunige@yahoo.co.uk>.
