ID de Prueba:	1.3.6.1.4.1.25623.1.0.800316
Categoría:	Denial of Service
Título:	chm2pdf Insecure Temporary File Creation or DoS Vulnerability
Resumen:	chm2pdf is prone to Insecure Temporary File Creation or Denial of Service Vulnerability.
Descripción:	Summary: chm2pdf is prone to Insecure Temporary File Creation or Denial of Service Vulnerability. Vulnerability Insight: The vulnerability is due to following, - error in .chm file in /tmp/chm2pdf/orig and /tmp/chm2pdf/work temporary directories. - uses temporary files in directories with fixed names. Vulnerability Impact: Successful exploitation will allow local users to delete arbitrary files via symlink attack or corrupt sensitive files, which may also result in a denial of service. Affected Software/OS: chm2pdf version prior to 0.9.1 on Debian Solution: Upgrade to a later higher version or apply the patche from the referenced link. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5298 BugTraq ID: 31735 http://www.securityfocus.com/bid/31735 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053510.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053501.html http://secunia.com/advisories/32257 http://secunia.com/advisories/43109 http://www.vupen.com/english/advisories/2011/0236 XForce ISS Database: chm2pdf-chm2pdf-symlink(45813) https://exchange.xforce.ibmcloud.com/vulnerabilities/45813 XForce ISS Database: chm2pdf-files-dos(47030) https://exchange.xforce.ibmcloud.com/vulnerabilities/47030 Common Vulnerability Exposure (CVE) ID: CVE-2008-5299
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.