Executive Summary
Summary | |
---|---|
Title | An updated lha package fixes security vulnerability |
Informations | |||
---|---|---|---|
Name | RHSA-2004:440 | First vendor Publication | 2004-09-07 |
Vendor | RedHat | Last vendor Modification | 2004-09-07 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated lha package that fixes a buffer overflow is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: LHA is an archiving and compression utility for LHarc format archives. Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0769 to this issue. Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14. If a malicious user can trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0771 and CAN-2004-0694 to these issues. Thomas Biege discovered a shell meta character command execution vulnerability in all versions of lha up to and including 1.14. An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0745 to this issue. Users of lha should update to this updated package which contains backported patches and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 126740 - Buffer overflow in lha |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-440.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11047 | |||
Oval ID: | oval:org.mitre.oval:def:11047 | ||
Title: | Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | ||
Description: | Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0769 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11088 | |||
Oval ID: | oval:org.mitre.oval:def:11088 | ||
Title: | LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name. | ||
Description: | LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0745 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9595 | |||
Oval ID: | oval:org.mitre.oval:def:9595 | ||
Title: | Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Description: | Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0771 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9981 | |||
Oval ID: | oval:org.mitre.oval:def:9981 | ||
Title: | Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Description: | Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0694 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-13 (lha) File : nvt/glsa_200409_13.nasl |
2008-09-04 | Name : FreeBSD Ports: lha File : nvt/freebsd_lha.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9522 | LHA Directory Shell Metacharacter Command Execution LHA contains a flaw that may allow a malicious user to execute arbitrary commands. The issue exists because LHA doesn't properly filter directory names that contain shell meta characters. It is possible that the flaw may allow an attacker to use specially crafted directory names to execute arbitrary commands resulting in a loss of integrity. |
9521 | LHA Unspecified Command Line Overflow A local overflow exists in LHA. LHA fails to perform proper bounds checking on command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of confidentiality and/or integrity. |
9520 | LHA extract_one Function Overflow |
9519 | LHA LHarc Format 2 Header Pathname Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_273cc1a30d6b11d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-294.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-295.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-13.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-440.nasl - Type : ACT_GATHER_INFO |
2004-09-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-323.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:48:38 |
|