Coreutils DIR Width Argument Integer Overflow Vulnerability

BID:9793

Info

Bugtraq ID: 9793
Class: Boundary Condition Error
CVE:
Remote: Unknown
Local: Yes
Published: Mar 02 2004 12:00AM
Updated: Mar 02 2004 12:00AM
Credit: Disclosure of this issue is credited to Shaun Colley.
Vulnerable: GNU fileutils 4.1.11
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
GNU fileutils 4.1.9
+ Redhat Linux 8.0
GNU fileutils 4.1.7
GNU fileutils 4.1.6
+ Sun Linux 5.0.6
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
GNU fileutils 4.1.5
+ MandrakeSoft Multi Network Firewall 2.0
GNU fileutils 4.1.1
+ Turbolinux Turbolinux Desktop 10.0
GNU fileutils 4.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 alpha
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.0 sparc
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Slackware Linux 8.0
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ Sun LX50
+ SuSE Linux 7.3 sparc
+ SuSE Linux 7.3 ppc
+ SuSE Linux 7.3 i386
+ SuSE Linux 7.2 i386
+ SuSE Linux 7.1 x86
+ SuSE Linux 7.1 sparc
+ SuSE Linux 7.1 ppc
+ SuSE Linux 7.1 alpha
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0 ppc
+ SuSE Linux 7.0 i386
+ SuSE Linux 7.0 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
GNU fileutils 4.0.36
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1
+ Redhat Linux for iSeries 7.1
+ Redhat Linux for pSeries 7.1
GNU fileutils 4.0.33
+ Trend Micro InterScan VirusWall for Unix 6.0.5
+ Turbolinux Turbolinux 6.0.5
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.0
GNU fileutils 4.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Immunix Immunix OS 7+
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2
+ Slackware Linux 7.1
+ Slackware Linux 7.0
GNU Coreutils 5.1.3
GNU Coreutils 5.1.2
GNU Coreutils 5.1.1
GNU Coreutils 5.1
GNU Coreutils 5.0.91
GNU Coreutils 5.0.90
GNU Coreutils 5.0.1
GNU Coreutils 5.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
GNU Coreutils 4.5.12
GNU Coreutils 4.5.11
GNU Coreutils 4.5.10
GNU Coreutils 4.5.9
GNU Coreutils 4.5.8
GNU Coreutils 4.5.7
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
GNU Coreutils 4.5.6
GNU Coreutils 4.5.5
GNU Coreutils 4.5.4
GNU Coreutils 4.5.3
+ Redhat Linux 9.0 i386
GNU Coreutils 4.5.2
GNU Coreutils 4.5.1
Not Vulnerable:

Discussion

The Coreutils 'dir' utility has been reported prone to an integer overflow vulnerability. The issue reportedly occurs when the utility handles a large integer value supplied through the '-w' (width) command-line argument.

Due to the nature of this issue, it may possibly be leveraged to deny service to applications that use the 'dir' utility. It has been conjectured that when an application invokes 'dir' with a malicious integer value passed via the '-w' argument, the calling application may hang while waiting for the utility to return output.

Exploit / POC

No exploit is required to leverage this issue. The following proof of concept was provided:

bash$ dir -w 1073741828
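
The following is an added example, not code from coreutils or from this advisory. It shows the defensive pattern for this class of bug: strict parsing of a width argument and an overflow-checked size computation before allocation. The 4-byte element size, the `MAX_WIDTH` limit and all function names are assumptions for illustration; the advisory does not describe the internal computation in 'dir'.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example; not a value taken from coreutils. */
#define MAX_WIDTH 4096UL

/* Result of count * elem_size when the arithmetic is done in 32 bits
   (wraps modulo 2^32). Models the class of bug, not the coreutils source. */
uint32_t wrapped_size32(uint32_t count, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)count * elem_size);
}

/* Strictly parse a width argument: decimal digits only, range 1..MAX_WIDTH.
   Returns 0 and stores the value on success, -1 if the argument is rejected. */
int parse_width(const char *arg, unsigned long *out)
{
    char *end;
    if (arg == NULL || *arg < '0' || *arg > '9')
        return -1;                 /* rejects "", "-1", "+5", leading blanks */
    errno = 0;
    unsigned long v = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0' || v == 0 || v > MAX_WIDTH)
        return -1;
    *out = v;
    return 0;
}

/* Allocate count elements, refusing when count * elem_size would wrap size_t. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

int main(void)
{
    const char *poc = "1073741828";   /* width value from the advisory's PoC */
    unsigned long w;
    printf("32-bit size for %s 4-byte elements: %u bytes\n", poc,
           (unsigned)wrapped_size32(1073741828u, 4u));
    printf("parse_width(\"%s\") -> %d\n", poc, parse_width(poc, &w));
    printf("parse_width(\"80\") -> %d\n", parse_width("80", &w));
    return 0;
}
```

Under the assumed 4-byte element size, the PoC width wraps to a 16-byte request in 32-bit arithmetic, which is why the range check and the division-based overflow check both belong ahead of any allocation sized from a command-line value.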

Solution / Fix

Solution:
GNU Core Utilities version 5.2.0 has been released to address this issue.

