Executive Summary
Summary | |
---|---|
Title | New lha packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-515 | First vendor Publication | 2004-06-05 |
Vendor | Debian | Last vendor Modification | 2004-06-05 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Two vulnerabilities were discovered in lha: - CAN-2004-0234 - Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. - CAN-2004-0235 - Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). For the current stable distribution (woody), these problems have been fixed in version 1.14i-2woody1. For the unstable distribution (sid), these problems have been fixed in version 1.14i-8. We recommend that you update your lha package. |
Original Source
Url : http://www.debian.org/security/2004/dsa-515 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10409 | |||
Oval ID: | oval:org.mitre.oval:def:10409 | ||
Title: | Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). | ||
Description: | Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0235 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11047 | |||
Oval ID: | oval:org.mitre.oval:def:11047 | ||
Title: | Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | ||
Description: | Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0769 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9595 | |||
Oval ID: | oval:org.mitre.oval:def:9595 | ||
Title: | Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Description: | Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0771 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:977 | |||
Oval ID: | oval:org.mitre.oval:def:977 | ||
Title: | Multiple BO Vulnerabilities in LHA get_header Function | ||
Description: | Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0234 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:978 | |||
Oval ID: | oval:org.mitre.oval:def:978 | ||
Title: | Multiple Directory Traversal Vulnerabilities in LHA | ||
Description: | Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0235 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9881 | |||
Oval ID: | oval:org.mitre.oval:def:9881 | ||
Title: | Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. | ||
Description: | Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0234 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2004-04-30 | LHA 1.x Buffer Overflow/Directory Traversal Vulnerabilities |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-02 (lha) File : nvt/glsa_200405_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-13 (lha) File : nvt/glsa_200409_13.nasl |
2008-09-04 | Name : FreeBSD Ports: lha File : nvt/freebsd_lha.nasl |
2008-09-04 | Name : FreeBSD Ports: lha File : nvt/freebsd_lha0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 515-1 (lha) File : nvt/deb_515_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-125-01 lha update in bin package File : nvt/esoft_slk_ssa_2004_125_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9520 | LHA extract_one Function Overflow |
9519 | LHA LHarc Format 2 Header Pathname Overflow |
5755 | LHA Arbitrary File Access LHA contains a flaw that allows a remote attacker to view arbitrary files on the system. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) which will allow a remote attacker to view arbitrary files on the system, resulting in a loss of confidentiality. |
5753 | LHA get_header() Function File / Directory Name Handling Overflow A remote overflow exists in LHA. The get_header() function fails to perform proper bounds checking resulting in a buffer overflow. By sending an LHA archive containing files with overly long file or directory names, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | F-Secure Anti-Virus LHA processing buffer overflow attempt RuleID : 15966 - Revision : 9 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_273cc1a30d6b11d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a2ffb6279c5311d893660020ed76ef5a.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-125-01.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-515.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-294.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-295.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-13.nasl - Type : ACT_GATHER_INFO |
2004-09-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-440.nasl - Type : ACT_GATHER_INFO |
2004-09-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-323.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200405-02.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-119.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-178.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:20 |
|