CVE-2009-0537

Severity

49%

Complexity

39%

Confidentiality

115%

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 15 years ago

2009-03-09 21:30:00

Last updated 6 years ago

2018-10-11 21:01:00

Affected Software

OpenBSD 2.0

2.0

OpenBSD 2.1

2.1

OpenBSD 2.2

2.2

OpenBSD 2.3

2.3

OpenBSD 2.4

2.4

OpenBSD 2.5

2.5

OpenBSD 2.6

2.6

OpenBSD 2.7

2.7

OpenBSD 2.8

2.8

OpenBSD 2.9

2.9

OpenBSD 3.0

3.0

OpenBSD 3.1

3.1

OpenBSD 3.2

3.2

OpenBSD 3.3

3.3

OpenBSD 3.4

3.4

OpenBSD 3.5

3.5

OpenBSD 3.6

3.6

OpenBSD 3.7

3.7

OpenBSD 3.8

3.8

OpenBSD 3.9

3.9

OpenBSD 4.0

4.0

OpenBSD 4.1

4.1

OpenBSD 4.2

4.2

OpenBSD 4.3

4.3

OpenBSD

References

20090304 libc:fts_*():multiple vendors, Denial-of-service

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c

Vendor Advisory

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h