#VU32031 Path traversal in libmspack


Published: 2018-10-23 | Updated: 2020-07-28

Vulnerability identifier: #VU32031

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18586

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libmspack
Universal components / Libraries / Libraries used by multiple products

Vendor: Stuart Caie

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libmspack: 0.0.20060920alpha - 0.7alpha

External links
http://bugs.debian.org/911639
http://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
http://security.gentoo.org/glsa/201903-20
http://www.openwall.com/lists/oss-security/2018/10/22/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Data Protection Central
Multiple vulnerabilities in Dell EMC SRM and Dell EMC Storage Monitoring and Reporting (SMR)
Multiple vulnerabilities in Dell NetWorker vProxy
Multiple vulnerabilities in Dell Secure Connect Gateway
SUSE update for libmspack
SUSE update for libmspack
SUSE update for libmspack
Gentoo update for cabextract, libmspack
Path traversal in libmspack (Alpine package)
Path traversal in libmspack