[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service
2006-08-07T00:00:00
ID DEBIAN:DSA-1144-1:8833E Type debian Reporter Debian Modified 2006-08-07T00:00:00
Description
Debian Security Advisory DSA 1144-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 7th, 2006 http://www.debian.org/security/faq
Package : chmlib
Vulnerability : missing input sanitising
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-3178
It was discovered that one of the utilities shipped with chmlib, a
library for dealing with Microsoft CHM files, performs insufficient
sanitising of filenames, which might lead to directory traversal.
For the stable distribution (sarge) this problem has been fixed in
version 0.35-6sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 0.38-1.
We recommend that you upgrade your chmlib-bin package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
{"id": "DEBIAN:DSA-1144-1:8833E", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1144-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 7th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : chmlib\nVulnerability : missing input sanitising\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2006-3178\n\nIt was discovered that one of the utilities shipped with chmlib, a\nlibrary for dealing with Microsoft CHM files, performs insufficient\nsanitising of filenames, which might lead to directory traversal.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.35-6sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.38-1.\n\nWe recommend that you upgrade your chmlib-bin package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3.dsc\n Size/MD5 checksum: 604 bf863d9f219b275c0b773861e981a917\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3.diff.gz\n Size/MD5 checksum: 16413 b383820343449d33e4297368568b40bf\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35.orig.tar.gz\n Size/MD5 checksum: 368428 8fa0e692b2606a03fb51589f66a82eec\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_alpha.deb\n Size/MD5 checksum: 25796 1892260c61070cfb1c265458150a0ceb\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_alpha.deb\n Size/MD5 checksum: 18782 ec61ba3873d1952af1d1c10b0fe57a4a\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_alpha.deb\n Size/MD5 checksum: 25690 9a5d631b6e977b9c61b731803bbf2d5c\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_amd64.deb\n Size/MD5 checksum: 23868 40d8f17410a02847577fe894c6617e71\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_amd64.deb\n Size/MD5 checksum: 17128 68e0e5e301172ce92648b5cf5efedba2\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_amd64.deb\n Size/MD5 checksum: 22710 931565e32ca29f1a515a3ba48a840d0f\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_arm.deb\n Size/MD5 checksum: 25372 80b7881428f5668208a5ecc06d778f3b\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_arm.deb\n Size/MD5 checksum: 16192 7644e42e9130da35ad344e8504f85e5f\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_arm.deb\n Size/MD5 checksum: 24128 a9ed0802965ea57ffc2683aad90277b8\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_i386.deb\n Size/MD5 checksum: 25026 e567d12fc2dfcaae17973e2a2da40007\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_i386.deb\n Size/MD5 checksum: 16300 d885e6db52cc52a626186869f2e0731b\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_i386.deb\n Size/MD5 checksum: 23030 748d269bb7b3d2ebddc4a459e6136573\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_ia64.deb\n Size/MD5 checksum: 28624 8b8baeec6cc8d30cd6eea8529a4df375\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_ia64.deb\n Size/MD5 checksum: 19558 c8889fc3a5015d928f0bc8bf3e7a4ba0\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_ia64.deb\n Size/MD5 checksum: 27402 24463e0be69ecc330178701bd268364f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_hppa.deb\n Size/MD5 checksum: 27870 76c09247988d19755408b16e38f86b5b\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_hppa.deb\n Size/MD5 checksum: 18284 bb3013313e96f7f8d4622aad6de21170\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_hppa.deb\n Size/MD5 checksum: 24338 18e0e89cc8379d2d606a92286843c79f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_m68k.deb\n Size/MD5 checksum: 23242 ab3b883d382341b152d5c2e0eceab044\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_m68k.deb\n Size/MD5 checksum: 16440 54e7c14b32928eb994943d439d9f5c89\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_m68k.deb\n Size/MD5 checksum: 21782 4c03416905d38baadef72f588d1c4aca\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_mips.deb\n Size/MD5 checksum: 26672 36e6ee842cc10c9f76e574a371e51346\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mips.deb\n Size/MD5 checksum: 23296 60188443d09b77e0efa7b4e980b0c7f0\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mips.deb\n Size/MD5 checksum: 25234 a14971f943df4051b55594463016e9dc\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_mipsel.deb\n Size/MD5 checksum: 26694 226831a74cf9df7f38a19e1b06e318b7\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mipsel.deb\n Size/MD5 checksum: 23310 ec018fec09ff44beceb8ac9d7780af5e\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mipsel.deb\n Size/MD5 checksum: 25218 84e07e66e7f4b816336aa383be318b4f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_powerpc.deb\n Size/MD5 checksum: 27482 369986825b64b261a961c3ab0588fd71\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_powerpc.deb\n Size/MD5 checksum: 22196 ef565ae91a142079e571a156a96f7f73\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_powerpc.deb\n Size/MD5 checksum: 23712 b1aecf54941743a972afeec9181ab6a2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_s390.deb\n Size/MD5 checksum: 26718 05081b1ccf0b27ccfb68b840547a9495\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_s390.deb\n Size/MD5 checksum: 17652 23af02d4509dce8542171a498200680b\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_s390.deb\n Size/MD5 checksum: 23592 21f1a9e1ce6eafe1e409bfe0d4b30a5c\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_sparc.deb\n Size/MD5 checksum: 24446 b978afe8fa6e453156bd841bb85d9b67\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_sparc.deb\n Size/MD5 checksum: 16286 364c3168d21b385ca98cb7c626ad7e2f\n http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_sparc.deb\n Size/MD5 checksum: 22474 870c35d6c7d66e2517f95eb7f6413c5e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "published": "2006-08-07T00:00:00", "modified": "2006-08-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00233.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2006-3178"], "type": "debian", "lastseen": "2020-11-11T13:17:14", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3178"]}, {"type": "osvdb", "idList": ["OSVDB:26636"]}, {"type": "openvas", "idList": ["OPENVAS:57261"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1144.NASL"]}], "modified": "2020-11-11T13:17:14", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-11-11T13:17:14", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "Debian", "OSVersion": "3.1", "arch": "all", "operator": "lt", "packageFilename": "chmlib_0.35-6sarge3_all.deb", "packageName": "chmlib", "packageVersion": "0.35-6sarge3"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:23:46", "description": "Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.\nUpgrade to version 0.38", "edition": 5, "cvss3": {}, "published": "2006-06-23T00:02:00", "title": "CVE-2006-3178", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3178"], "modified": "2017-07-20T01:32:00", "cpe": ["cpe:/a:jed_wing:chm_lib:0.37"], "id": "CVE-2006-3178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3178", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:jed_wing:chm_lib:0.37:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3178"], "edition": 1, "description": "## Vulnerability Description\nCHM Lib contains a flaw that allows a remote attacker to extract arbitrary files outside of the web path. The issue is due to the 'extract_chmLib' example program not properly sanitizing user input, specifically directory traversal style attacks (../../).\n## Solution Description\nUpgrade to version 0.38 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCHM Lib contains a flaw that allows a remote attacker to extract arbitrary files outside of the web path. The issue is due to the 'extract_chmLib' example program not properly sanitizing user input, specifically directory traversal style attacks (../../).\n## References:\nVendor Specific News/Changelog Entry: http://morte.jedrea.com/~jedwin/projects/chmlib/\nSecurity Tracker: 1016343\n[Secunia Advisory ID:20734](https://secuniaresearch.flexerasoftware.com/advisories/20734/)\n[Secunia Advisory ID:21406](https://secuniaresearch.flexerasoftware.com/advisories/21406/)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1144\nISS X-Force ID: 27278\nFrSIRT Advisory: ADV-2006-2430\n[CVE-2006-3178](https://vulners.com/cve/CVE-2006-3178)\nBugtraq ID: 18511\n", "modified": "2006-06-16T09:48:53", "published": "2006-06-16T09:48:53", "href": "https://vulners.com/osvdb/OSVDB:26636", "id": "OSVDB:26636", "type": "osvdb", "title": "CHM Lib extract_chmLib Traversal Arbitrary File Overwrite", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3178"], "description": "The remote host is missing an update to chmlib\nannounced via advisory DSA 1144-1.\n\nIt was discovered that one of the utilities shipped with chmlib, a\nlibrary for dealing with Microsoft CHM files, performs insufficient\nsanitising of filenames, which might lead to directory traversal.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57261", "href": "http://plugins.openvas.org/nasl.php?oid=57261", "type": "openvas", "title": "Debian Security Advisory DSA 1144-1 (chmlib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1144_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1144-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.35-6sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.38-1.\n\nWe recommend that you upgrade your chmlib-bin package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201144-1\";\ntag_summary = \"The remote host is missing an update to chmlib\nannounced via advisory DSA 1144-1.\n\nIt was discovered that one of the utilities shipped with chmlib, a\nlibrary for dealing with Microsoft CHM files, performs insufficient\nsanitising of filenames, which might lead to directory traversal.\";\n\n\nif(description)\n{\n script_id(57261);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3178\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1144-1 (chmlib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chmlib\", ver:\"0.35-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chmlib-bin\", ver:\"0.35-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chmlib-dev\", ver:\"0.35-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-06T09:44:40", "description": "It was discovered that one of the utilities shipped with chmlib, a\nlibrary for dealing with Microsoft CHM files, performs insufficient\nsanitising of filenames, which might lead to directory traversal.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1144-1 : chmlib - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3178"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chmlib", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/22686", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1144. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22686);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3178\");\n script_xref(name:\"DSA\", value:\"1144\");\n\n script_name(english:\"Debian DSA-1144-1 : chmlib - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that one of the utilities shipped with chmlib, a\nlibrary for dealing with Microsoft CHM files, performs insufficient\nsanitising of filenames, which might lead to directory traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1144\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chmlib-bin package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.35-6sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chmlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"chmlib\", reference:\"0.35-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"chmlib-bin\", reference:\"0.35-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"chmlib-dev\", reference:\"0.35-6sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
