PT-2003-2517 · Gnu+1 · Fileutils+2

Angelo Rosiello · Published 1970-01-01 · Updated 2017-10-11 · CVE-2003-0854

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

fileutils versions 4.0.36 through 4.1.9
wu-ftpd (affected versions not specified)
coreutils (affected versions not specified)

Description

The issue allows local users to consume a large amount of memory via a large -w value in the ls command, which can be remotely exploited via applications that use ls, such as wu-ftpd. Multiple vulnerabilities in the wu-ftpd and fileutils packages can lead to disruption of protected information and can be exploited remotely.

Recommendations

For fileutils versions 4.0.36 through 4.1.9, consider restricting the use of the ls command with large -w values to minimize the risk of exploitation.
For wu-ftpd, restrict access to the service to minimize the risk of exploitation until a fix is available.
For coreutils, consider disabling the ls command or restricting its use with large -w values until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

BDU:2015-01346
BDU:2015-01347
BDU:2015-07971
BDU:2015-07972
BDU:2015-07973
CVE-2003-0854

Affected Products

Coreutils
Fileutils
Wu-Ftpd