CVE-2009-0537 - Numeric Errors vulnerability in multiple products

CVSS 4.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: local, low complexity, microsoft, openbsd, CWE-189, exploit available

Summary

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

Common Weakness Enumeration (CWE)

Exploit-Db

description: Multiple Vendors libc:fts_*() Local Denial of Service Exploit. CVE-2009-0537. Dos exploit for bsd platform
file: exploits/bsd/dos/8163.txt
id: EDB-ID:8163
last seen: 2016-02-01
modified: 2009-03-05
platform: bsd
port:
published: 2009-03-05
reporter: SecurityReason
source: https://www.exploit-db.com/download/8163/
title: Multiple Vendors libc:fts_* - Local Denial of Service Exploit
type: dos

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:66339
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-66339
    title: Multiple Vendors libc:fts_*() - Local Denial of Service Exploit
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:10777
    last seen: 2017-11-19
    modified: 2009-03-06
    published: 2009-03-06
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-10777
    title: Multiple Vendors libc:fts_*() Local Denial of Service Exploit