{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Red Hat Linux 7.1, 7.2, 7.3, 8.0 et 9.0 ;","product":{"name":"N/A","vendor":{"name":"Red Hat","scada":false}}},{"description":"Mandrake Linux 9.0, 9.1, 9.2, Multi Network Firewall 8.2, Corporate Server 2.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Red Hat Enterprise Linux AS v2.1, Red Hat Enterprise Linux ES v2.1, Red Hat Enterprise Linux WS v2.1 et RedHat Linux Advanced Workstation 2.1 pour Itanium ;","product":{"name":"Red Hat Enterprise Linux","vendor":{"name":"Red Hat","scada":false}}},{"description":"Fedora Core 1.","product":{"name":"Core","vendor":{"name":"Owncloud","scada":false}}},{"description":"Sun Cobalt Qube 3, Sun Cobalt RaQ 4, Sun Cobalt RaQ 550, Sun Cobalt RaQ XTR ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire est pr\u00e9sente dans la\ncommande /bin/ls. Cette commande est g\u00e9n\u00e9ralement pr\u00e9sente dans le\npaquetage fileutils des distributions Linux.\n\nUn utilisateur malicieux peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans\nla commande /bin/ls pour r\u00e9aliser un d\u00e9ni de service par consommation\nexcessive de ressources sur une machine vuln\u00e9rable. Cette vuln\u00e9rabilit\u00e9\nest exploitable en local mais aussi \u00e0 distance via un serveur wu-ftpd\npar exemple.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[],"links":[{"title":"Correctifs de s\u00e9curit\u00e9 de Sun pour les produits Sun Cobalt    Qube 3, RaQ 4, RaQ 550 et RaQ XTR :","url":"http://ftp.cobalt.sun.com/pub/packages/"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2003:310 :","url":"http://rhn.redhat.com/errata/RHSA-2003-310.html"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2003:309 :","url":"http://rhn.redhat.com/errata/RHSA-2003-309.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2004-091 :","url":"http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00014.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Avaya ASA-2005-213 du 04 octobre 2005    :","url":"http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"},{"title":"Avis de s\u00e9curit\u00e9 #62 de G. Guninski :","url":"http://www.guninski.com/binls.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2003:106 :","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:106"}],"reference":"CERTA-2003-AVI-180","revisions":[{"description":"version initiale.","revision_date":"2003-11-07T00:00:00.000000"},{"description":"ajout du bulletin de s\u00e9curit\u00e9 de Mandrake Linux.","revision_date":"2003-11-14T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence aux correctifs de s\u00e9curit\u00e9 de Sun pour les Sun Cobalt Qube3, RaQ 4, RaQ 550 et RaQ XTR.","revision_date":"2004-02-17T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Fedora/RedHat et ajout d'une nouvelle r\u00e9f\u00e9rence CVE.","revision_date":"2004-03-11T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Avaya.","revision_date":"2005-10-06T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 de la commande ls sous Linux","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 RHSA-2003:309 de Red Hat","url":null}]}