All the vulnerabilities related to the LHa for UNIX project - LHa for UNIX
jvndb-2004-000197
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
LHA extract_one Buffer Overflow Vulnerability
Details
LHA lhext.c contains a buffer overflow vulnerability in the extract_one function, which stems from improper handling of a 'w' option argument.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000197.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "LHA lhext.c contains a buffer overflow vulnerability with the extract_one funcation, which stems from improper handling of a \u0027w\u0027 option argument.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000197.html", "sec:cpe": [ { "#text": "cpe:/a:lha_for_unix_project:lha_for_unix", "@product": "LHa for UNIX", "@vendor": "LHa for UNIX project", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000197", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0771", "@id": "CVE-2004-0771", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0771", "@id": "CVE-2004-0771", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/11093", "@id": "11093", "@source": "BID" }, { "#text": "http://www.securityfocus.com/bid/10354", "@id": "10354", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/16196", "@id": "16196", "@source": "XF" } ], "title": "LHA extrace_one Vuffer Overflow Vulnerability" }
jvndb-2004-000169
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
LHa Buffer Overflow Vulnerability in Testing and Extracting Process
Details
LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html", "sec:cpe": [ { "#text": "cpe:/a:lha_for_unix_project:lha_for_unix", "@product": "LHa for UNIX", "@vendor": "LHa for UNIX project", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux", "@product": "Red Hat Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000169", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234", "@id": "CVE-2004-0234", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0234", "@id": "CVE-2004-0234", "@source": "NVD" }, { "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977", "@id": "977", "@source": "OVAL" }, { "#text": "http://www.securityfocus.com/bid/10243", "@id": "10243", "@source": "BID" }, { "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2", "@id": "LHA Advisory + Patch", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/16012", "@id": "16012", "@source": "XF" }, { 
"#text": "http://securitytracker.com/id?1015866", "@id": "1015866", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2006/1220", "@id": "FrSIRT/ADV-2006-1220", "@source": "FRSIRT" }, { "#text": "http://osvdb.org/5753", "@id": "5753", "@source": "OSVDB" }, { "#text": "http://osvdb.org/5754", "@id": "5754", "@source": "OSVDB" } ], "title": "LHa Vuffer Overflow Vulnerability in Testing and Extracting Process" }
jvndb-2004-000196
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
LHA Buffer Overflow Vulnerability with lack of Path Length Validation
Details
LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000196.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000196.html", "sec:cpe": [ { "#text": "cpe:/a:lha_for_unix_project:lha_for_unix", "@product": "LHa for UNIX", "@vendor": "LHa for UNIX project", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000196", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0769", "@id": "CVE-2004-0769", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0769", "@id": "CVE-2004-0769", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/11093", "@id": "11093", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/16917", "@id": "16917", "@source": "XF" } ], "title": "LHA Buffer Overflow Vulnerability with lack of Path Length Validation" }
jvndb-2004-000170
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Details
LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html", "sec:cpe": [ { "#text": "cpe:/a:lha_for_unix_project:lha_for_unix", "@product": "LHa for UNIX", "@vendor": "LHa for UNIX project", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux", "@product": "Red Hat Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000170", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235", "@id": "CVE-2004-0235", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235", "@id": "CVE-2004-0235", "@source": "NVD" }, { "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978", "@id": "978", "@source": "OVAL" }, { "#text": "http://www.securityfocus.com/bid/10243", "@id": "10243", "@source": "BID" }, { "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2", "@id": "LHA Advisory + Patch", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/16013", "@id": "16013", "@source": "XF" } ], "title": "Lha Directory Traversal Vulnerability in Testing and Extracting Process" }
jvndb-2004-000195
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
Details
LHA is vulnerable to arbitrary command execution due to improper handling of directory names containing shell metacharacters.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000195.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters.", "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000195.html", "sec:cpe": [ { "#text": "cpe:/a:lha_for_unix_project:lha_for_unix", "@product": "LHa for UNIX", "@vendor": "LHa for UNIX project", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2004-000195", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0745", "@id": "CVE-2004-0745", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0745", "@id": "CVE-2004-0745", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/11093", "@id": "11093", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/17198", "@id": "17198", "@source": "XF" } ], "title": "LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name" }