chmlib 'extract_chmLib' Directory Traversal Bug Lets Remote Users Overwrie Files
|
|
SecurityTracker Alert ID: 1016343 |
|
SecurityTracker URL: http://securitytracker.com/id/1016343
|
|
CVE Reference:
CVE-2006-3178
(Links to External Site)
|
Updated: May 12 2009
|
Original Entry Date: Jun 20 2006
|
Impact:
Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 0.38
|
Description:
A vulnerability was reported in chmlib. A remote user can view files on the target system.
The 'extract_chmLib' example program does not properly validate user-supplied filenames. A remote user can supply a file with a specially crafted filename containing '..' directory traversal characters that, when extracted by the target user, will cause a file on target system to be overwritten. Files can be overwritten with the privileges of the target user.
Sven Tantau discovered this vulnerability.
|
Impact:
A remote user can cause files on the target system to be overwritten.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: morte.jedrea.com/~jedwin/projects/chmlib/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 20 Jun 2006 01:05:55 -0400
Subject: CHM lib / chmlib update
|
http://morte.jedrea.com/~jedwin/projects/chmlib/
> .. it includes a quick fix for a security hazard Sven Tantau located in one of the
> example programs (extract_chmLib would extract filenames containing ".." as a path
> element, allowing overwriting of any file to which the user has write access).
|
|
