CVE-2009-0537

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 4.4 Microsoft Interix version 6.0 build 10.0.6030.0

Description The issue is related to an integer overflow in the fts build function in fts.c in libc, which allows context-dependent attackers to cause a denial of service, resulting in an application crash. This can be triggered via a deep directory tree, related to the fts level structure member. The issue is demonstrated by various commands and applications, including du, rm, chmod, and chgrp on OpenBSD, and SearchIndexer.exe on Vista Enterprise.

Recommendations For OpenBSD versions prior to 4.4, update to a version later than 4.4 to resolve the issue. For Microsoft Interix version 6.0 build 10.0.6030.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.