Actu
Vigil@nce: NetBSD, OpenBSD, denial of service via fts
October 2009 by Vigil@nce
A local attacker can use a long path in order to generate a denial
of service on applications using the fts_* functions of the libc.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 02/10/2009
IMPACTED PRODUCTS
– NetBSD
– OpenBSD
DESCRIPTION OF THE VULNERABILITY
Functions in the fts (fts_open, fts_read, etc.) family are used to
go through a directory hierarchy.
They use the _ftsent structure to store information on a file.
This structure has a field named fts_level, which contains the
depth level where the file was found (number of went through
directories). The fts_level field is of short type (16 bit,
maximum 64k).
However, if the depth is over 64k, NetBSD and OpenBSD cannot go in
the subdirectory.
A local attacker can therefore use a long path in order to
generate a denial of service on applications using the fts_*
functions of the libc.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9066
– Url: http://vigilance.fr/vulnerability/NetBSD-OpenBSD-denial-of-service-via-fts-9066
