CVE-2009-0537
Microsoft Interix 6.0 build 10.0.6030.0 and OpenBSD <= 4.4 - Denial of Service via Deep Directory Tree
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0537. PoCs published by SecurityReason.
AI-analyzed exploit summary: This is a detailed writeup describing a denial-of-service vulnerability (CVE-2009-0537) in the fts_* functions of libc, affecting multiple vendors including OpenBSD and Microsoft. The issue arises from a short integer overflow in the fts_level field, leading to crashes in programs like du, rm, and chmod when traversing deeply nested directories.
Description
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.