Info

Disclosure

Jun 16, 2006

Discovery

Unknown

Dates

Exploit

Jun 16, 2006

Solution

Unknown

Description

CHM Lib contains a flaw that allows a remote attacker to extract arbitrary files outside of the web path. The issue is due to the 'extract_chmLib' example program not properly sanitizing user input, specifically directory traversal style attacks (../../).

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 0.38 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CHMlib

0.37

References

Security Tracker: 1016343
Bugtraq ID: 18511
CVE ID: 2006-3178 (see also: NVD)
Secunia Advisory ID: 20734 21406
ISS X-Force ID: 27278
VUPEN Advisory: ADV-2006-2430
Vendor Specific News/Changelog Entry: http://morte.jedrea.com/~jedwin/projects/chmlib/
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1144

Credit

Sven Tantau - svensven-tantau.de - Sven Tantau

Direct URL: http://osvdb.org/26636