[CLA-2003:768] Conectiva Security Announcement - fileutils

From: Conectiva Updates (secure_at_conectiva.com.br)
Date: 10/22/03

  • Next message: bruce_at_webwizguide.info: "Re: Web Wiz Forums ver. 7.01"
    Date: Wed, 22 Oct 2003 16:13:07 -0200
    To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT
    - --------------------------------------------------------------------------

    PACKAGE : fileutils
    SUMMARY : Denial of service vulnerability (exploitable through wu-ftpd)
    DATE : 2003-10-22 16:10:00
    ID : CLA-2003:768
    RELEVANT
    RELEASES : 7.0, 8, 9

    - -------------------------------------------------------------------------

    DESCRIPTION
     The fileutils package contains several basic system utilities. One of
     these utilities is the "ls" program, used to list information about
     files and directories.
     
     Georgi Guninski discovered[1] a memory starvation denial of service
     vulnerability in the ls program. It is possible to make ls allocate a
     huge amount of memory by calling it with the parameters "-w X -C"
     (where X is an arbitrary large number).
     
     This vulnerability is remotely exploitable in scenarios where remote
     applications allow an user to call ls without filtering the supplied
     parameters. An example of such scenario is the use of the wu-ftpd FTP
     server.
     
     The Common Vulnerabilities and Exposures project (cve.mitre.org) has
     assigned the name CAN-2003-0854[2] to this issue.
     
     Additionally, this update fixes an integer overflow in ls which seems
     non-exploitable. The overflow occurs in the usage of the "-w"
     parameter under the same circumstances of the aforementioned memory
     starvation vulnerability. The Common Vulnerabilities and Exposures
     project (cve.mitre.org) has assigned the name CAN-2003-0853[3] to
     this issue.

    SOLUTION
     All users should upgrade.
     
     
     REFERENCES:
     1.http://www.guninski.com/binls.html
     2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
     3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853

    UPDATED PACKAGES
    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fileutils-4.0-20U70_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fileutils-4.0-20U70_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/fileutils-4.1-3U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/SRPMS/fileutils-4.1-3U80_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/fileutils-4.1-7779U90_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/SRPMS/fileutils-4.1-7779U90_1cl.src.rpm

    ADDITIONAL INSTRUCTIONS
     The apt tool can be used to perform RPM packages upgrades:

     - run: apt-get update
     - after that, execute: apt-get upgrade

     Detailed instructions reagarding the use of apt and upgrade examples
     can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

    - -------------------------------------------------------------------------
    All packages are signed with Conectiva's GPG key. The key and instructions
    on how to import it can be found at
    http://distro.conectiva.com.br/seguranca/chave/?idioma=en
    Instructions on how to check the signatures of the RPM packages can be
    found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

    - -------------------------------------------------------------------------
    All our advisories and generic update instructions can be viewed at
    http://distro.conectiva.com.br/atualizacoes/?idioma=en

    - -------------------------------------------------------------------------
    Copyright (c) 2003 Conectiva Inc.
    http://www.conectiva.com

    - -------------------------------------------------------------------------
    subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
    unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE/lsiy42jd0JmAcZARAgC0AKDdWNVAcA5PLGcmjgzfnCpxi37cmwCg6oAY
    NM8FCmr4cf22nURHBBkX2YM=
    =z9ff
    -----END PGP SIGNATURE-----


  • Next message: bruce_at_webwizguide.info: "Re: Web Wiz Forums ver. 7.01"

    Relevant Pages

    • [CLA-2003:617] Conectiva Security Announcement - file
      ... This vulnerability can be triggered by the use of specially ... All users should upgrade. ... The apt tool can be used to perform RPM packages upgrades: ... Detailed instructions reagarding the use of apt and upgrade examples ...
      (Bugtraq)
    • [CLA-2003:693] Conectiva Security Announcement - pam
      ... Andreas Beck discovereda vulnerability in the use of pam_xauth by ... All users should upgrade. ... The apt tool can be used to perform RPM packages upgrades: ... Detailed instructions reagarding the use of apt and upgrade examples ...
      (Bugtraq)
    • [CLA-2003:727] Conectiva Security Announcement - sendmail
      ... determined whether this vulnerability can be used to execute remote ... It is recommended that all sendmail users upgrade their packages. ... Detailed instructions reagarding the use of apt and upgrade examples ...
      (Bugtraq)
    • [CLA-2003:614] Conectiva Security Announcement - sendmail
      ... SUMMARY: Buffer overflow vulnerability ... All sendmail users should upgrade immediately. ... UPDATED PACKAGES ... Detailed instructions reagarding the use of apt and upgrade examples ...
      (Bugtraq)
    • [CLA-2003:750] Conectiva Security Announcement - proftpd
      ... PACKAGE: proftpd ... this vulnerability to execute arbitrary code with root privileges. ... The apt tool can be used to perform RPM packages upgrades: ... Detailed instructions reagarding the use of apt and upgrade examples ...
      (Bugtraq)