Strix
26.1K

CVE-2009-0537

UnknownEPSS 3.59%

Last modified

CVE-2009-0537 is a vulnerability of currently unknown severity. Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.. EPSS estimates a 3.59% chance of exploitation in the next 30 days.

Description

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

Metrics

EPSS Probability
3.59%

88.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MicrosoftInterix6.0
OpenbsdOpenbsd<= 4.4
OpenbsdOpenbsd2.0
OpenbsdOpenbsd2.1
OpenbsdOpenbsd2.2
OpenbsdOpenbsd2.3
OpenbsdOpenbsd2.4
OpenbsdOpenbsd2.5
OpenbsdOpenbsd2.6
OpenbsdOpenbsd2.7
OpenbsdOpenbsd2.8
OpenbsdOpenbsd2.9
OpenbsdOpenbsd3.0
OpenbsdOpenbsd3.1
OpenbsdOpenbsd3.2
OpenbsdOpenbsd3.3
OpenbsdOpenbsd3.4
OpenbsdOpenbsd3.5
OpenbsdOpenbsd3.6
OpenbsdOpenbsd3.7
OpenbsdOpenbsd3.8
OpenbsdOpenbsd3.9
OpenbsdOpenbsd4.0
OpenbsdOpenbsd4.1
OpenbsdOpenbsd4.2
OpenbsdOpenbsd4.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0537?
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
How severe is CVE-2009-0537?
Severity scoring for CVE-2009-0537 is pending analysis. The EPSS model estimates a 3.59% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0537?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0537?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST