First published: Mon Mar 09 2009
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Interix | =6.0 | |
OpenBSD OpenBSD | <=4.4 | |
OpenBSD OpenBSD | =2.0 | |
OpenBSD OpenBSD | =2.1 | |
OpenBSD OpenBSD | =2.2 | |
OpenBSD OpenBSD | =2.3 | |
OpenBSD OpenBSD | =2.4 | |
OpenBSD OpenBSD | =2.5 | |
OpenBSD OpenBSD | =2.6 | |
OpenBSD OpenBSD | =2.7 | |
OpenBSD OpenBSD | =2.8 | |
OpenBSD OpenBSD | =2.9 | |
OpenBSD OpenBSD | =3.0 | |
OpenBSD OpenBSD | =3.1 | |
OpenBSD OpenBSD | =3.2 | |
OpenBSD OpenBSD | =3.3 | |
OpenBSD OpenBSD | =3.4 | |
OpenBSD OpenBSD | =3.5 | |
OpenBSD OpenBSD | =3.6 | |
OpenBSD OpenBSD | =3.7 | |
OpenBSD OpenBSD | =3.8 | |
OpenBSD OpenBSD | =3.9 | |
OpenBSD OpenBSD | =4.0 | |
OpenBSD OpenBSD | =4.1 | |
OpenBSD OpenBSD | =4.2 | |
OpenBSD OpenBSD | =4.3 | |