What is the severity of CVE-2003-0854?

CVE-2003-0854 is classified as a high severity vulnerability due to its ability to be exploited remotely and consume significant system memory.

How do I fix CVE-2003-0854?

To mitigate CVE-2003-0854, upgrading to the latest version of GNU Fileutils or wu-ftpd that is not affected by this vulnerability is recommended.

Which software versions are affected by CVE-2003-0854?

CVE-2003-0854 affects GNU Fileutils versions 4.0 through 4.1.7 and wu-ftpd versions 2.4.1 through 2.6.2.

Can CVE-2003-0854 be exploited locally?

Yes, CVE-2003-0854 can be exploited locally by users through applications that invoke the 'ls' command.

Are there any workarounds for CVE-2003-0854?

While upgrading is the most effective fix for CVE-2003-0854, limiting access to vulnerable applications and restricting user permissions can serve as temporary workarounds.

Vulnerability/
CVE-2003-0854

low

2.1

CWE

NVD-CWE-Other

25/10/2003

8/8/2024

CVE-2003-0854

First published: Sat Oct 25 2003(Updated: )

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNU Fileutils	=4.0
GNU Fileutils	=4.0.36
GNU Fileutils	=4.1
GNU Fileutils	=4.1.6
GNU Fileutils	=4.1.7
wu-ftpd	=2.4.1
wu-ftpd	=2.4.2_beta2
wu-ftpd	=2.4.2_beta18
wu-ftpd	=2.4.2_beta18_vr4
wu-ftpd	=2.4.2_beta18_vr5
wu-ftpd	=2.4.2_beta18_vr6
wu-ftpd	=2.4.2_beta18_vr7
wu-ftpd	=2.4.2_beta18_vr8
wu-ftpd	=2.4.2_beta18_vr9
wu-ftpd	=2.4.2_beta18_vr10
wu-ftpd	=2.4.2_beta18_vr11
wu-ftpd	=2.4.2_beta18_vr12
wu-ftpd	=2.4.2_beta18_vr13
wu-ftpd	=2.4.2_beta18_vr14
wu-ftpd	=2.4.2_beta18_vr15
wu-ftpd	=2.4.2_vr16
wu-ftpd	=2.4.2_vr17
wu-ftpd	=2.5.0
wu-ftpd	=2.6.0
wu-ftpd	=2.6.1
wu-ftpd	=2.6.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0854?
CVE-2003-0854 is classified as a high severity vulnerability due to its ability to be exploited remotely and consume significant system memory.
How do I fix CVE-2003-0854?
To mitigate CVE-2003-0854, upgrading to the latest version of GNU Fileutils or wu-ftpd that is not affected by this vulnerability is recommended.
Which software versions are affected by CVE-2003-0854?
CVE-2003-0854 affects GNU Fileutils versions 4.0 through 4.1.7 and wu-ftpd versions 2.4.1 through 2.6.2.
Can CVE-2003-0854 be exploited locally?
Yes, CVE-2003-0854 can be exploited locally by users through applications that invoke the 'ls' command.
Are there any workarounds for CVE-2003-0854?
While upgrading is the most effective fix for CVE-2003-0854, limiting access to vulnerable applications and restricting user permissions can serve as temporary workarounds.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/gnu
canonical/gnu fileutils
version/gnu fileutils/4.0
version/gnu fileutils/4.0.36
version/gnu fileutils/4.1
version/gnu fileutils/4.1.6
version/gnu fileutils/4.1.7
vendor/washington university
canonical/wu-ftpd
version/wu-ftpd/2.4.1
version/wu-ftpd/2.4.2_beta2
version/wu-ftpd/2.4.2_beta18
version/wu-ftpd/2.4.2_beta18_vr4
version/wu-ftpd/2.4.2_beta18_vr5
version/wu-ftpd/2.4.2_beta18_vr6
version/wu-ftpd/2.4.2_beta18_vr7
version/wu-ftpd/2.4.2_beta18_vr8
version/wu-ftpd/2.4.2_beta18_vr9
version/wu-ftpd/2.4.2_beta18_vr10
version/wu-ftpd/2.4.2_beta18_vr11
version/wu-ftpd/2.4.2_beta18_vr12
version/wu-ftpd/2.4.2_beta18_vr13
version/wu-ftpd/2.4.2_beta18_vr14
version/wu-ftpd/2.4.2_beta18_vr15
version/wu-ftpd/2.4.2_vr16
version/wu-ftpd/2.4.2_vr17
version/wu-ftpd/2.5.0
version/wu-ftpd/2.6.0
version/wu-ftpd/2.6.1
version/wu-ftpd/2.6.2