|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200702-12] CHMlib: User-assisted remote execution of arbitrary code Vulnerability Scan
Vulnerability Scan Summary CHMlib: User-assisted remote execution of arbitrary code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200702-12
(CHMlib: User-assisted remote execution of arbitrary code)
When certain CHM files that contain tables and objects stored in pages
are parsed by CHMlib, an unsanitized value is passed to the alloca()
function resulting in a shift of the stack pointer to arbitrary memory
locations.
Impact
A possible hacker could entice a user to open a specially crafted CHM file,
resulting in the execution of arbitrary code with the permissions of
the user viewing the file.
Workaround
There is no known workaround at this time.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0619
Solution:
All CHMlib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-doc/chmlib-0.39"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|