Vulnerability CVE-2009-0537 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0537 (CCN-49109)

Assigned:

2009-03-04

Published:

2009-03-04

Updated:

2018-10-11

Summary:

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
4.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-0537

Source: CCN
Type: SA34157
OpenBSD libc fts Nested Directories Denial of Service

Source: CCN
Type: SA38098
tnftpd "fts_build()" Denial of Service Vulnerability

Source: CCN
Type: SecurityReason Advisory: SecurityAlert : 60
libc:fts_*():multiple vendors, Denial-of-service

Source: SREASONRES
Type: UNKNOWN
20090304 libc:fts_*():multiple vendors, Denial-of-service

Source: CCN
Type: SECTRACK ID: 1021818
OpenBSD libc fts Function Bug Lets Local Users Deny Service

Source: CCN
Type: Microsoft Technet Web site
Windows Services for UNIX

Source: CCN
Type: OpenBSD Web site
CVS log for src/lib/libc/gen/fts.c

Source: CONFIRM
Type: Vendor Advisory
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c

Source: CCN
Type: OpenBSD CVS Repository
fts.c.diff?r1=1.41;r2=1.42

Source: CONFIRM
Type: Vendor Advisory
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h

Source: CCN
Type: OSVDB ID: 52463
OpenBSD libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory Handling Local DoS

Source: CCN
Type: OSVDB ID: 55345
Microsoft libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory Handling Local DoS

Source: BUGTRAQ
Type: UNKNOWN
20090305 libc:fts_*():multiple vendors, Denial-of-service

Source: BID
Type: Exploit
34008

Source: CCN
Type: BID-34008
Multiple Vendor libc 'fts.c' Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021818

Source: XF
Type: UNKNOWN
openbsd-ftsbuild-dos(49109)

Source: EXPLOIT-DB
Type: UNKNOWN
8163

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:interix:6.0:*:10.0.6030.0:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.1:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.2:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.3:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.4:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.5:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.6:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.7:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.9:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.0:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.3:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.4:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.6:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.7:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.8:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.1:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.2:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.3:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:* (Version <= 4.4)

Configuration CCN 1:

cpe:/o:openbsd:openbsd:4.3:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.4:*:*:*:*:*:*:*

Denotes that component is vulnerable