Description
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
Affected products
- Microsoft / interix6.0 – 6.0
- OpenBSD / OpenBSD4.4
- OpenBSD / OpenBSD2.0 – 2.0
- OpenBSD / OpenBSD2.1 – 2.1
- OpenBSD / OpenBSD2.2 – 2.2
- OpenBSD / OpenBSD2.3 – 2.3
- OpenBSD / OpenBSD2.4 – 2.4
- OpenBSD / OpenBSD2.5 – 2.5
- OpenBSD / OpenBSD2.6 – 2.6
- OpenBSD / OpenBSD2.7 – 2.7
- OpenBSD / OpenBSD2.8 – 2.8
- OpenBSD / OpenBSD2.9 – 2.9
- OpenBSD / OpenBSD3.0 – 3.0
- OpenBSD / OpenBSD3.1 – 3.1
- OpenBSD / OpenBSD3.2 – 3.2
- OpenBSD / OpenBSD3.3 – 3.3
- OpenBSD / OpenBSD3.4 – 3.4
- OpenBSD / OpenBSD3.5 – 3.5
- OpenBSD / OpenBSD3.6 – 3.6
- OpenBSD / OpenBSD3.7 – 3.7
- OpenBSD / OpenBSD3.8 – 3.8
- OpenBSD / OpenBSD3.9 – 3.9
- OpenBSD / OpenBSD4.0 – 4.0
- OpenBSD / OpenBSD4.1 – 4.1
- OpenBSD / OpenBSD4.2 – 4.2
- OpenBSD / OpenBSD4.3 – 4.3
References
- EXPLOIThttps://www.exploit-db.com/exploits/8163
- MISChttp://www.securitytracker.com/id?1021818
- MISChttp://securityreason.com/achievement_securityalert/60
- MISChttp://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h
- MISChttp://www.securityfocus.com/bid/34008
- MISChttp://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
- MISChttp://www.securityfocus.com/archive/1/501505/100/0/threaded