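Vulnerability Details
CHM Lib extract_chmLib Directory Traversal Vulnerability
- CNNVD ID: CNNVD-200606-419
- Severity: Medium
- CVE ID:
CVE-2006-3178
- Vulnerability type:
Path traversal
- Published:
2006-06-22
- Threat type:
Remote
- Updated:
2006-07-21
- Vendor:
jed_wing
- Source:
Sven Tantau is cre…
Vulnerability Summary
The extract_chmLib example program in CHM Lib (chmlib) contains a directory traversal vulnerability. A remote attacker can overwrite arbitrary files by means of a CHM archive that contains files whose names include .. sequences.
Vulnerability Advisory
The vendor has released a patch; download it from the vendor's home page: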
CHM Lib CHM Lib 0.35
Debian chmlib-bin_0.35-6sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_alpha.deb
Debian chmlib-bin_0.35-6sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_amd64.deb
Debian chmlib-bin_0.35-6sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_arm.deb
Debian chmlib-bin_0.35-6sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_hppa.deb
Debian chmlib-bin_0.35-6sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_i386.deb
Debian chmlib-bin_0.35-6sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_ia64.deb
Debian chmlib-bin_0.35-6sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_m68k.deb
Debian chmlib-bin_0.35-6sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mips.deb
Debian chmlib-bin_0.35-6sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mipsel.deb
Debian chmlib-bin_0.35-6sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_powerpc.deb
Debian chmlib-bin_0.35-6sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_s390.deb
Debian chmlib-bin_0.35-6sarge3_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_sparc.deb
Debian chmlib-dev_0.35-6sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_alpha.deb
Debian chmlib-dev_0.35-6sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_amd64.deb
Debian chmlib-dev_0.35-6sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_arm.deb
Debian chmlib-dev_0.35-6sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_hppa.deb
Debian chmlib-dev_0.35-6sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_i386.deb
Debian chmlib-dev_0.35-6sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_ia64.deb
Debian chmlib-dev_0.35-6sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_m68k.deb
Debian chmlib-dev_0.35-6sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mips.deb
Debian chmlib-dev_0.35-6sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mipsel.deb
Debian chmlib-dev_0.35-6sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_powerpc.deb
Debian chmlib-dev_0.35-6sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_s390.deb
Debian chmlib-dev_0.35-6sarge3_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_sparc.deb
Debian chmlib_0.35-6sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
References
Source: BID
Name: 18511
Link: http://www.securityfocus.com/bid/18511
Source: VUPEN
Name: ADV-2006-2430
Link: http://www.frsirt.com/english/advisories/2006/2430
Source: SECUNIA
Name: 20734
Link: http://secunia.com/advisories/20734
Source: morte.jedrea.com
Link: http://morte.jedrea.com/~jedwin/projects/chmlib/
Source: XF
Name: chmlib-extract-directory-traversal(27278)
Link: http://xforce.iss.net/xforce/xfdb/27278
Source: OSVDB
Name: 26636
Source: SECTRACK
Name: 1016343
Link: http://securitytracker.com/id?1016343
Source: DEBIAN
Name: DSA-1144
Link: http://www.debian.org/security/2006/dsa-1144
Source: SECUNIA
Name: 21406