CVE-2003-0853

ls <unknown - Buffer Overflow

Title source: llm

Description

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

Exploits (1)

exploitdb WORKING POC VERIFIED

by druid · perldoslinux

https://www.exploit-db.com/exploits/23274

View Code ZIP pw:eip

References (13)

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-309.html

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768

[Various Sources] http://www.turbolinux.com/security/TLSA-2003-60.txt

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-310.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/8875

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/advisories/6014

[Third Party Advisory] http://secunia.com/advisories/17069

[Various Sources] http://www.guninski.com/binls.html

[Third Party Advisory] http://secunia.com/advisories/10126

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2003:106

Scores

EPSS 0.0244

EPSS Percentile 85.2%

Details

Status published

Products (26)

gnu/fileutils 4.0

gnu/fileutils 4.0.36

gnu/fileutils 4.1

gnu/fileutils 4.1.6

gnu/fileutils 4.1.7

washington_university/wu-ftpd 2.4.1

washington_university/wu-ftpd 2.4.2_beta2

washington_university/wu-ftpd 2.4.2_beta18

washington_university/wu-ftpd 2.4.2_beta18_vr4

washington_university/wu-ftpd 2.4.2_beta18_vr5

... and 16 more

Published Nov 17, 2003

Tracked Since Feb 18, 2026