Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2272 |
Message | FTP LIST integer overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Coreutils LS. |
Impact | Denial of Service, possible arbitrary code execution. |
Detailed Information | The Coreutils ls command contains an integer overflow vulnerability which may present an attacker with an exploitation opportunity in software that uses this command. By supplying a large amount of data to the ls command in the form of the width variable, an attacker may cause a DoS to occur. It may also be possible to execute arbitrary code as the application becomes unstable. |
Affected Systems | Coreutils LS |
Attack Scenarios | The attacker needs to supply a large amount of data in the width variable to the ls command. |
Ease of Attack | Simple. No exploit software is required, although automated scripts do exist. |
Corrective Action | Apply the appropriate vendor-supplied patches. Upgrade the software to the latest non-affected version. |
Additional References | |
Rule References | bugtraq: 8875; cve: 2003-0853; cve: 2003-0854; nessus: 11912 |
--
DID:528638