CHM Lib extract_chmLib directory traversal

chmlib-extract-directory-traversal (27278) Risk level: Medium

Description:

CHM Lib (chmlib) could allow a remote attacker to traverse directories on the system, caused by improper validation of file names by the extract_chmLib application. An attacker could create a malicious .chm file with a specially crafted file name containing "dot dot" sequences which, once extracted, could allow the attacker to traverse directories and overwrite files on the system.
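The defect described above is a missing check on archive entry names before they are joined to the output directory. The following added example is not chmlib code and does not reproduce extract_chmLib; it assumes entry names are written relative to the archive root with an optional leading slash, and shows the unchecked join beside a hardened join that rejects any entry containing a ".." component before a path is built or a file is opened.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not chmlib code. Assumes archive entry names are written
 * relative to the archive root, with an optional leading '/' or '\\'. */

/* Returns 1 if NAME may be extracted beneath an output directory, 0 if it
 * is empty, has more than one leading separator, or contains a ".."
 * component (which would climb out of the output directory). */
int chm_entry_name_is_safe(const char *name)
{
    const char *p;
    size_t len;

    if (name == NULL || name[0] == '\0')
        return 0;

    /* Tolerate a single archive-root separator; a second one is rejected. */
    p = name;
    if (*p == '/' || *p == '\\')
        p++;
    if (*p == '\0' || *p == '/' || *p == '\\')
        return 0;

    /* Walk the path one component at a time. Both '/' and '\\' are treated
     * as separators because CHM content originates on Windows. */
    for (;;) {
        len = strcspn(p, "/\\");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;            /* "dot dot" component */
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return 1;
}

/* The vulnerable pattern: concatenate basedir and entry name with no check.
 * Returns 0 on success, -1 if OUT is too small. */
int join_path_unchecked(const char *basedir, const char *name,
                        char *out, size_t outlen)
{
    const char *rel = name;
    int n;

    if (*rel == '/' || *rel == '\\')
        rel++;                   /* drop the archive-root separator */
    n = snprintf(out, outlen, "%s/%s", basedir, rel);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* The remedy: refuse the entry before any path is built or file opened.
 * Returns 0 on success, -1 if the name is unsafe or OUT is too small. */
int join_path_checked(const char *basedir, const char *name,
                      char *out, size_t outlen)
{
    if (!chm_entry_name_is_safe(name))
        return -1;
    return join_path_unchecked(basedir, name, out, outlen);
}

int main(void)
{
    /* Constructed sample entry names, as a crafted archive might present them. */
    const char *entries[] = {
        "/index.htm", "/images/logo.gif", "/../../outside.txt", "/a\\..\\b.txt"
    };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof entries / sizeof entries[0]; i++) {
        if (join_path_checked("out", entries[i], path, sizeof path) == 0)
            printf("extract  %-22s -> %s\n", entries[i], path);
        else
            printf("REJECT   %s\n", entries[i]);
    }
    return 0;
}
```

The check runs on the raw entry name rather than on a path normalized after the fact, so a name that mixes separators is caught the same way as one using only forward slashes. A component that merely begins with two dots (for example "..b") is an ordinary file name and is allowed.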


Consequences:

File Manipulation

Remedy:

Upgrade to the latest version of CHM Lib (0.38 or later) available from the CHM Lib Web site. See References.

For Debian GNU/Linux:
Refer to DSA-1144-1 for patch, upgrade, or suggested workaround information. See References.

References:

  • CHM Lib Web site: CHM Lib.
  • BID-18511: CHM Lib Extract_chmlib Directory Traversal Vulnerability
  • CVE-2006-3178: Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.
  • DSA-1144: chmlib -- missing input sanitising
  • OSVDB ID: 26636: CHM Lib extract_chmLib Traversal Arbitrary File Overwrite
  • SA20734: CHM Lib "extract_chmLib" Directory Traversal Vulnerability
  • SECTRACK ID: 1016343: chmlib `extract_chmLib` Directory Traversal Bug Lets Remote Users Overwrite Files
  • VUPEN/ADV-2006-2430: CHM Lib extract_chmLib File Handling Client-Side Directory Traversal Vulnerability

Platforms Affected:

  • Debian Linux 3.1
  • Gentoo Linux
  • Jed Wing CHM Lib 0.37

Reported:

Jun 16, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
