Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0854

9 documents8 sources
Severity
2.1LOW
EPSS
0.2%
top 53.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
GNU FileutilsWashington University Wu-ftpd
Timeline
PublishedNov 17
Latest updateApr 29

Description

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

Debiancoreutils< 5.2.1-1+3
NVDgnu/fileutils5 versions+4
NVDwashington_university/wu-ftpd21 versions+20

🔴Vulnerability Details

3
GHSA
GHSA-qjv8-gc24-r5w4: ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited2022-04-29
OSV
CVE-2003-0854: ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited2003-11-17
CVEList
CVE-2003-0854: ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited2003-10-25

💥Exploits & PoCs

1
Exploit-DB
WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service2003-10-31

📋Vendor Advisories

2
Red Hat
security flaw2003-10-15
Debian
CVE-2003-0854: coreutils - ls in the fileutils or coreutils packages allows local users to consume a large ...2003

💬Community

2
Bugzilla
CVE-2003-0854 security flaw2018-08-16
Bugzilla
CAN-2003-0853/0854 DoS in services that use "ls"2003-10-23
CVE-2003-0854 (LOW CVSS 2.1) | ls in the fileutils or coreutils pa | cvebase.io