Description
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
Exploits (1)
References (7)
Exploit, Third Party Advisory [exploit, exploit-db]: https://www.exploit-db.com/exploits/8163
Third Party Advisory, VDB Entry [vdb-entry, sectrack]: http://www.securitytracker.com/id?1021818
Third Party Advisory [third-party-advisory, sreasonres]: http://securityreason.com/achievement_securityalert/60
Various Sources [confirm; OpenBSD fts.c diff, r1.41 to r1.42]: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h
Exploit [vdb-entry, bid]: http://www.securityfocus.com/bid/34008
Vendor Advisory [confirm; OpenBSD fts.c CVS history]: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
Third Party Advisory, VDB Entry [mailing-list, bugtraq]: http://www.securityfocus.com/archive/1/501505/100/0/threaded
Scores
EPSS: 0.0795 (percentile 92.1%)
Details
CWE: CWE-189 (Numeric Errors)
Status: published
Products (26)
microsoft/interix 6.0
openbsd/openbsd 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8
... and 16 more
Published: Mar 09, 2009
Tracked Since: Feb 18, 2026