Red Hat Bugzilla – Bug 118642
Coreutils 'dir' integer overflow vulnerability.
Last modified: 2007-11-30 17:07:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Description of problem:
Bug: DoS / possible arbitrary code execution.
Impact: Attackers can cause MASS consumption of CPU utilisation and
usage of memory, by corrupting the stack. Possible code execution.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Just run in shell$ dir -w 1073741828
Actual Results: mass CPU utilisation will be used
If invoked via a debugging tool such as 'Valgrind', one can see the
consequences of the integer overflow taking place
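Added illustration, not part of the bug report and not the coreutils source: why the reported width 1073741828 is dangerous when a table size is computed in 32-bit arithmetic, next to a checked form that rejects it. The 4-byte element size and all function names are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a 4-byte per-column record and 32-bit size arithmetic,
   as on an i686 system. This is not the coreutils code. */
#define ELEM_SIZE 4u

/* Unchecked form: the product is silently truncated to 32 bits. */
uint32_t unchecked_bytes(uint32_t columns)
{
    return (uint32_t)(columns * ELEM_SIZE);
}

/* Checked form: returns 0 and stores the byte count, or -1 when the
   product would not fit in 32 bits. */
int checked_bytes(uint32_t columns, uint32_t *out)
{
    if (columns > UINT32_MAX / ELEM_SIZE)
        return -1;
    *out = columns * ELEM_SIZE;
    return 0;
}

/* Parse a "-w"-style argument and size the table. Rejects non-numeric
   text, zero, negative or out-of-range values, and any count whose
   byte size would wrap. */
int parse_width(const char *arg, uint32_t *bytes)
{
    char *end;
    unsigned long long v;

    errno = 0;
    v = strtoull(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0' || arg[0] == '-')
        return -1;
    if (v == 0 || v > UINT32_MAX)
        return -1;
    return checked_bytes((uint32_t)v, bytes);
}

int main(void)
{
    uint32_t b = 0;
    printf("unchecked: %u bytes\n", unchecked_bytes(1073741828u));
    printf("checked:   %s\n",
           parse_width("1073741828", &b) == 0 ? "accepted" : "rejected");
    return 0;
}
```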
Well, you are already in a shell there.
Perhaps you are thinking of an exploit via an FTP server? vsftpd uses
its own internal ls.
Or is there a different vector you are thinking of?
I can create a simple PHP script, for example, post it to a hosting
site, and hang the server if it does not limit resources. Most admins of
the small ISP hosting sites don't limit memory and CPU resources. :)
If an ISP allows you to run arbitrary php scripts then there are many
other ways you can cause similar effects even without this flaw being