CVE-2009-0537
Published: Mar 9, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 8163 | exploit, x_refsource_EXPLOIT-DB |
| 1021818 | vdb-entry, x_refsource_SECTRACK |
| 20090304 libc:fts_*():multiple vendors, Denial-of-service | third-party-advisory, x_refsource_SREASONRES |
| 34008 | vdb-entry, x_refsource_BID |
| http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c | x_refsource_CONFIRM |
| 20090305 libc:fts_*():multiple vendors, Denial-of-service | mailing-list, x_refsource_BUGTRAQ |