NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-0537

Summary	Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
Publication Date	March 10, 2009, 6:30 a.m.
Registration Date	Jan. 29, 2021, 1:14 p.m.
Last Update	Nov. 7, 2023, 11:03 a.m.

CVSS2.0 : MEDIUM
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:openbsd:openbsd:4.1:::::::*
cpe:2.3:o:openbsd:openbsd:3.7:::::::*
cpe:2.3:o:openbsd:openbsd:2.8:::::::*
cpe:2.3:o:openbsd:openbsd:3.8:::::::*
cpe:2.3:o:openbsd:openbsd::::::::			4.4
cpe:2.3:o:openbsd:openbsd:3.1:::::::*
cpe:2.3:o:openbsd:openbsd:3.3:::::::*
cpe:2.3:o:openbsd:openbsd:2.9:::::::*
cpe:2.3:o:openbsd:openbsd:2.1:::::::*
cpe:2.3:o:openbsd:openbsd:2.2:::::::*
cpe:2.3:o:openbsd:openbsd:3.9:::::::*
cpe:2.3:o:openbsd:openbsd:2.0:::::::*
cpe:2.3:o:openbsd:openbsd:2.7:::::::*
cpe:2.3:o:openbsd:openbsd:3.2:::::::*
cpe:2.3:o:openbsd:openbsd:2.4:::::::*
cpe:2.3:o:openbsd:openbsd:4.2:::::::*
cpe:2.3:o:openbsd:openbsd:3.6:::::::*
cpe:2.3:o:openbsd:openbsd:3.0:::::::*
cpe:2.3:o:openbsd:openbsd:4.0:::::::*
cpe:2.3:o:openbsd:openbsd:3.5:::::::*
cpe:2.3:a:microsoft:interix:6.0::10.0.6030.0:::::
cpe:2.3:o:openbsd:openbsd:2.6:::::::*
cpe:2.3:o:openbsd:openbsd:4.3:::::::*
cpe:2.3:o:openbsd:openbsd:2.5:::::::*
cpe:2.3:o:openbsd:openbsd:2.3:::::::*
cpe:2.3:o:openbsd:openbsd:3.4:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://securityreason.com/achievement_securityalert/60	SREASONRES
2	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c	CONFIRM	Vendor Advisory
3	http://www.securityfocus.com/bid/34008	BID	Exploit
4	http://www.securitytracker.com/id?1021818	SECTRACK
5	https://www.exploit-db.com/exploits/8163	EXPLOIT-DB
6	http://www.securityfocus.com/archive/1/501505/100/0/threaded	BUGTRAQ
7	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html