Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0853

10 documents, 8 sources
Severity: 5.0 MEDIUM
EPSS: 2.4% (top 14.83%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Nov 17, latest update Apr 29

Description

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

Debian: coreutils < 5.2.1-1 +3
NVD: gnu/fileutils, 5 versions +4
NVD: washington_university/wu-ftpd, 21 versions +20

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-5rh2-8gqg-243p: An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a la (2022-04-29)
OSV: CVE-2003-0853: An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a la (2003-11-17)
CVEList: CVE-2003-0853: An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a la (2003-10-25)

💥 Exploits & PoCs (1)

Exploit-DB: Coreutils 4.5.x - LS Width Argument Integer Overflow (2003-10-22)

📋 Vendor Advisories (2)

Red Hat: security flaw (2003-10-15)
Debian: CVE-2003-0853: coreutils - An integer overflow in ls in the fileutils or coreutils packages may allow local... (2003)

💬 Community (3)

Bugzilla: CVE-2003-0853 security flaw (2018-08-16)
Bugzilla: Vulnerability fix for CAN-2003-0853 not applied (2004-03-02)
Bugzilla: CAN-2003-0853/0854 DoS in services that use "ls" (2003-10-23)
CVE-2003-0853 (MEDIUM CVSS 5) | An integer overflow in ls in the fi | cvebase.io