CVE-2004-0235

Vulnerability from cvelistv5

Published

2004-05-05 04:00

Modified

2024-08-08 00:10

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=108422737918885&w=2
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200405-02.xml
cve@mitre.org	http://www.debian.org/security/2004/dsa-515
cve@mitre.org	http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-178.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-179.html
cve@mitre.org	http://www.securityfocus.com/bid/10243	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://bugzilla.fedora.us/show_bug.cgi?id=1833
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.724Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2004:840",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
          },
          {
            "name": "FEDORA-2004-119",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
          },
          {
            "name": "10243",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10243"
          },
          {
            "name": "20040501 LHa buffer overflows and directory traversal problems",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
          },
          {
            "name": "lha-directory-traversal(16013)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
          },
          {
            "name": "RHSA-2004:179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
          },
          {
            "name": "FLSA:1833",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
          },
          {
            "name": "DSA-515",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-515"
          },
          {
            "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
          },
          {
            "name": "GLSA-200405-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
          },
          {
            "name": "RHSA-2004:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
          },
          {
            "name": "oval:org.mitre.oval:def:978",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
          },
          {
            "name": "oval:org.mitre.oval:def:10409",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2004:840",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
        },
        {
          "name": "FEDORA-2004-119",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
        },
        {
          "name": "10243",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10243"
        },
        {
          "name": "20040501 LHa buffer overflows and directory traversal problems",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
        },
        {
          "name": "lha-directory-traversal(16013)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
        },
        {
          "name": "RHSA-2004:179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
        },
        {
          "name": "FLSA:1833",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
        },
        {
          "name": "DSA-515",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-515"
        },
        {
          "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
        },
        {
          "name": "GLSA-200405-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
        },
        {
          "name": "RHSA-2004:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
        },
        {
          "name": "oval:org.mitre.oval:def:978",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
        },
        {
          "name": "oval:org.mitre.oval:def:10409",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2004:840",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
            },
            {
              "name": "FEDORA-2004-119",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
            },
            {
              "name": "10243",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10243"
            },
            {
              "name": "20040501 LHa buffer overflows and directory traversal problems",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
            },
            {
              "name": "lha-directory-traversal(16013)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
            },
            {
              "name": "RHSA-2004:179",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
            },
            {
              "name": "FLSA:1833",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
            },
            {
              "name": "DSA-515",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-515"
            },
            {
              "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
            },
            {
              "name": "GLSA-200405-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
            },
            {
              "name": "RHSA-2004:178",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
            },
            {
              "name": "oval:org.mitre.oval:def:978",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
            },
            {
              "name": "oval:org.mitre.oval:def:10409",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0235",
    "datePublished": "2004-05-05T04:00:00",
    "dateReserved": "2004-03-17T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0235\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-08-18T04:00:00.000\",\"lastModified\":\"2017-10-11T01:29:24.810\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\\\"//absolute/path\\\").\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de atravesamiento de directorios en LHA 1.14 permite a atacantes locales o usuarios locales crear ficheros arbitrarios mediante un archivo LHA conteniendo nombres de fichero con secuencias (1) \\\"..\\\" (punto punto) o (2) rutas absolutas con barra inicial doble (\\\"//ruta/absoluta\\\").\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFE4FA19-F2EA-4292-A441-2E4A39366942\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA5D7FD1-D5AB-4987-801A-FA464C31298A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"772710C7-41FE-47E2-B0D7-A3C8D36C8808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7358AD98-44C1-4CC4-BD50-CFF3822F3A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA1C283-E518-4BC6-BBF0-FCE09F9E0F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8A74FB-07B0-42D6-ABF3-D7A073A329E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49668AFD-4821-4D5A-BEBD-DF55A8AB58C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E0BFFD-D777-43A5-AEE8-765F55C86E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAF9A151-6EBF-4760-A154-A34FF7C9E632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA12B965-672C-444D-9774-0F76FE47EA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C9B32C-5EC9-46BD-AA77-F414A143576C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823C27EB-C00F-4A7E-B832-013A50A1EE2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD217379-28E7-465E-843D-E7204EE0E89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB96CB8A-59F3-4624-B2BA-687ECF929B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*\",\"matchCriteriaId\":\"6CC9AA17-3EF4-4BC5-9E29-5A6525B9AC51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*\",\"matchCriteriaId\":\"A9C60C23-FC4D-4D14-B3E3-ECD797888AB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*\",\"matchCriteriaId\":\"D04E2381-68CB-455F-8878-17C8E4112C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*\",\"matchCriteriaId\":\"4AE00A20-8152-48D9-9AC4-EA359284E635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*\",\"matchCriteriaId\":\"6B334073-9FF3-4F75-8702-51DB6937B7F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*\",\"matchCriteriaId\":\"2D553EF0-6A08-4DD0-A301-99AADAFBFFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*\",\"matchCriteriaId\":\"C8C41338-0651-425E-A823-C8CBD91977D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*\",\"matchCriteriaId\":\"46F72328-7B69-4A1B-A065-E65544F27A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*\",\"matchCriteriaId\":\"2BA28970-0DB9-433E-83A1-36BF05DB062A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*\",\"matchCriteriaId\":\"C0D25A1D-2B31-4B29-96FE-A793F8244F66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*\",\"matchCriteriaId\":\"AC90ADFD-32FE-4EA1-9583-5EFE585152CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*\",\"matchCriteriaId\":\"B490FC59-616A-4F90-95D8-50F9C0D6CB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*\",\"matchCriteriaId\":\"858468E0-4208-4703-A3AA-4BF6CC254DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*\",\"matchCriteriaId\":\"4E26052D-35B8-44E7-8F66-442BA55F4483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*\",\"matchCriteriaId\":\"CBA4A9B7-626A-4539-852F-96C49D860E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*\",\"matchCriteriaId\":\"19828867-7079-4233-A3B8-BF7A3052FB8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0C4D-C85F-46DA-BC9E-D3F56DE2B085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F996B07-8B07-42A6-86FC-B5B55F708861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"119D5A71-E7C2-4603-9D78-A161D82BC2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6689D4E1-F8DC-46D9-BA35-4E4AE9C28456\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0429B86A-F228-44E8-ABBB-D57BEE3679F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72DE7015-C1FF-4803-8B28-5AF5ECC3AAB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D04F7296-3290-40D1-9CFB-E52FADAE5719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9A0DDB6-4B86-430E-879A-C835DBB96C42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC782BFC-6BA0-4823-8A6D-F7D83F55393C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1B09025-47B9-4F77-9DA6-80885E9A4EC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1011521-AEF2-40EB-B671-66B20FF01CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*\",\"matchCriteriaId\":\"EB59539A-8973-45C8-A553-1B524DA43937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0702A32E-E577-403C-B4D9-15037D7100A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29DC217F-C257-4A3C-9CBD-08010C30BEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC4CB399-2E2F-4A73-BA41-3EFB0DBDC404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"081C75A4-FDB1-4941-8276-985570632A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A623BD1B-DB9A-4545-9970-E3492AA39A33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8984B914-9850-405C-AAE6-A7C266F13BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"523ADB29-C3D5-4C06-89B6-22B5FC68C240\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C84296C-2C8A-4DCD-9751-52951F8BEA9F\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200405-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2004/dsa-515\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-178.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-179.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/10243\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.fedora.us/show_bug.cgi?id=1833\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/16013\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

rhsa-2004_178

Vulnerability from csaf_redhat

Published

2004-05-26 07:46

Modified

2024-11-21 23:02

Summary

Red Hat Security Advisory: lha security update

Notes

Topic

An updated LHA package that fixes several security vulnerabilities is now available.

Details

LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0234 to this issue. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0235 to this issue. Users of LHA should update to this updated package which contains backported patches not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for disclosing and providing test cases and patches for these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated LHA package that fixes several security vulnerabilities is now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "LHA is an archiving and compression utility for LHarc format archives.\n\nUlf Harnhammar discovered two stack buffer overflows and two directory\ntraversal flaws in LHA.  An attacker could exploit the buffer overflows by\ncreating a carefully crafted LHA archive in such a way that arbitrary code\nwould be executed when the archive is tested or extracted by a victim.  The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0234 to this issue.  An attacker could exploit\nthe directory traversal issues to create files as the victim outside of the\nexpected directory.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0235 to this issue.\n\nUsers of LHA should update to this updated package which contains\nbackported patches not vulnerable to these issues.\n\nRed Hat would like to thank Ulf Harnhammar for disclosing and providing\ntest cases and patches for these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:178",
        "url": "https://access.redhat.com/errata/RHSA-2004:178"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "121417",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=121417"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_178.json"
      }
    ],
    "title": "Red Hat Security Advisory: lha security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:02:47+00:00",
      "generator": {
        "date": "2024-11-21T23:02:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:178",
      "initial_release_date": "2004-05-26T07:46:00+00:00",
      "revision_history": [
        {
          "date": "2004-05-26T07:46:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-05-26T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:02:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3",
                  "product_id": "3AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3",
                "product": {
                  "name": "Red Hat Desktop version 3",
                  "product_id": "3Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3",
                  "product_id": "3ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3",
                  "product_id": "3WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.ia64",
                "product": {
                  "name": "lha-0:1.14i-10.2.ia64",
                  "product_id": "lha-0:1.14i-10.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.ia64",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.ia64",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.src",
                "product": {
                  "name": "lha-0:1.14i-10.2.src",
                  "product_id": "lha-0:1.14i-10.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.x86_64",
                "product": {
                  "name": "lha-0:1.14i-10.2.x86_64",
                  "product_id": "lha-0:1.14i-10.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.x86_64",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.x86_64",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.i386",
                "product": {
                  "name": "lha-0:1.14i-10.2.i386",
                  "product_id": "lha-0:1.14i-10.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.i386",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.i386",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.ppc",
                "product": {
                  "name": "lha-0:1.14i-10.2.ppc",
                  "product_id": "lha-0:1.14i-10.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.ppc",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.ppc",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.s390x",
                "product": {
                  "name": "lha-0:1.14i-10.2.s390x",
                  "product_id": "lha-0:1.14i-10.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.s390x",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.s390x",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lha-0:1.14i-10.2.s390",
                "product": {
                  "name": "lha-0:1.14i-10.2.s390",
                  "product_id": "lha-0:1.14i-10.2.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha@1.14i-10.2?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lha-debuginfo-0:1.14i-10.2.s390",
                "product": {
                  "name": "lha-debuginfo-0:1.14i-10.2.s390",
                  "product_id": "lha-debuginfo-0:1.14i-10.2.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/lha-debuginfo@1.14i-10.2?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.src as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.src"
        },
        "product_reference": "lha-0:1.14i-10.2.src",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:lha-debuginfo-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.src as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.src"
        },
        "product_reference": "lha-0:1.14i-10.2.src",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:lha-debuginfo-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.src as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.src"
        },
        "product_reference": "lha-0:1.14i-10.2.src",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:lha-debuginfo-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.src as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.src"
        },
        "product_reference": "lha-0:1.14i-10.2.src",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.i386"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.ia64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.ppc"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.s390"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.s390x"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lha-debuginfo-0:1.14i-10.2.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:lha-debuginfo-0:1.14i-10.2.x86_64"
        },
        "product_reference": "lha-debuginfo-0:1.14i-10.2.x86_64",
        "relates_to_product_reference": "3WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ulf H\u00e4rnhammar"
          ]
        }
      ],
      "cve": "CVE-2004-0234",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:lha-0:1.14i-10.2.i386",
          "3AS:lha-0:1.14i-10.2.ia64",
          "3AS:lha-0:1.14i-10.2.ppc",
          "3AS:lha-0:1.14i-10.2.s390",
          "3AS:lha-0:1.14i-10.2.s390x",
          "3AS:lha-0:1.14i-10.2.src",
          "3AS:lha-0:1.14i-10.2.x86_64",
          "3AS:lha-debuginfo-0:1.14i-10.2.i386",
          "3AS:lha-debuginfo-0:1.14i-10.2.ia64",
          "3AS:lha-debuginfo-0:1.14i-10.2.ppc",
          "3AS:lha-debuginfo-0:1.14i-10.2.s390",
          "3AS:lha-debuginfo-0:1.14i-10.2.s390x",
          "3AS:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3Desktop:lha-0:1.14i-10.2.i386",
          "3Desktop:lha-0:1.14i-10.2.ia64",
          "3Desktop:lha-0:1.14i-10.2.ppc",
          "3Desktop:lha-0:1.14i-10.2.s390",
          "3Desktop:lha-0:1.14i-10.2.s390x",
          "3Desktop:lha-0:1.14i-10.2.src",
          "3Desktop:lha-0:1.14i-10.2.x86_64",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.i386",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.ia64",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.ppc",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.s390",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.s390x",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3ES:lha-0:1.14i-10.2.i386",
          "3ES:lha-0:1.14i-10.2.ia64",
          "3ES:lha-0:1.14i-10.2.ppc",
          "3ES:lha-0:1.14i-10.2.s390",
          "3ES:lha-0:1.14i-10.2.s390x",
          "3ES:lha-0:1.14i-10.2.src",
          "3ES:lha-0:1.14i-10.2.x86_64",
          "3ES:lha-debuginfo-0:1.14i-10.2.i386",
          "3ES:lha-debuginfo-0:1.14i-10.2.ia64",
          "3ES:lha-debuginfo-0:1.14i-10.2.ppc",
          "3ES:lha-debuginfo-0:1.14i-10.2.s390",
          "3ES:lha-debuginfo-0:1.14i-10.2.s390x",
          "3ES:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3WS:lha-0:1.14i-10.2.i386",
          "3WS:lha-0:1.14i-10.2.ia64",
          "3WS:lha-0:1.14i-10.2.ppc",
          "3WS:lha-0:1.14i-10.2.s390",
          "3WS:lha-0:1.14i-10.2.s390x",
          "3WS:lha-0:1.14i-10.2.src",
          "3WS:lha-0:1.14i-10.2.x86_64",
          "3WS:lha-debuginfo-0:1.14i-10.2.i386",
          "3WS:lha-debuginfo-0:1.14i-10.2.ia64",
          "3WS:lha-debuginfo-0:1.14i-10.2.ppc",
          "3WS:lha-debuginfo-0:1.14i-10.2.s390",
          "3WS:lha-debuginfo-0:1.14i-10.2.s390x",
          "3WS:lha-debuginfo-0:1.14i-10.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0234"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234"
        }
      ],
      "release_date": "2004-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-05-26T07:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "3AS:lha-0:1.14i-10.2.i386",
            "3AS:lha-0:1.14i-10.2.ia64",
            "3AS:lha-0:1.14i-10.2.ppc",
            "3AS:lha-0:1.14i-10.2.s390",
            "3AS:lha-0:1.14i-10.2.s390x",
            "3AS:lha-0:1.14i-10.2.src",
            "3AS:lha-0:1.14i-10.2.x86_64",
            "3AS:lha-debuginfo-0:1.14i-10.2.i386",
            "3AS:lha-debuginfo-0:1.14i-10.2.ia64",
            "3AS:lha-debuginfo-0:1.14i-10.2.ppc",
            "3AS:lha-debuginfo-0:1.14i-10.2.s390",
            "3AS:lha-debuginfo-0:1.14i-10.2.s390x",
            "3AS:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3Desktop:lha-0:1.14i-10.2.i386",
            "3Desktop:lha-0:1.14i-10.2.ia64",
            "3Desktop:lha-0:1.14i-10.2.ppc",
            "3Desktop:lha-0:1.14i-10.2.s390",
            "3Desktop:lha-0:1.14i-10.2.s390x",
            "3Desktop:lha-0:1.14i-10.2.src",
            "3Desktop:lha-0:1.14i-10.2.x86_64",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.i386",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.ia64",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.ppc",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.s390",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.s390x",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3ES:lha-0:1.14i-10.2.i386",
            "3ES:lha-0:1.14i-10.2.ia64",
            "3ES:lha-0:1.14i-10.2.ppc",
            "3ES:lha-0:1.14i-10.2.s390",
            "3ES:lha-0:1.14i-10.2.s390x",
            "3ES:lha-0:1.14i-10.2.src",
            "3ES:lha-0:1.14i-10.2.x86_64",
            "3ES:lha-debuginfo-0:1.14i-10.2.i386",
            "3ES:lha-debuginfo-0:1.14i-10.2.ia64",
            "3ES:lha-debuginfo-0:1.14i-10.2.ppc",
            "3ES:lha-debuginfo-0:1.14i-10.2.s390",
            "3ES:lha-debuginfo-0:1.14i-10.2.s390x",
            "3ES:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3WS:lha-0:1.14i-10.2.i386",
            "3WS:lha-0:1.14i-10.2.ia64",
            "3WS:lha-0:1.14i-10.2.ppc",
            "3WS:lha-0:1.14i-10.2.s390",
            "3WS:lha-0:1.14i-10.2.s390x",
            "3WS:lha-0:1.14i-10.2.src",
            "3WS:lha-0:1.14i-10.2.x86_64",
            "3WS:lha-debuginfo-0:1.14i-10.2.i386",
            "3WS:lha-debuginfo-0:1.14i-10.2.ia64",
            "3WS:lha-debuginfo-0:1.14i-10.2.ppc",
            "3WS:lha-debuginfo-0:1.14i-10.2.s390",
            "3WS:lha-debuginfo-0:1.14i-10.2.s390x",
            "3WS:lha-debuginfo-0:1.14i-10.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:178"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ulf H\u00e4rnhammar"
          ]
        }
      ],
      "cve": "CVE-2004-0235",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617184"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:lha-0:1.14i-10.2.i386",
          "3AS:lha-0:1.14i-10.2.ia64",
          "3AS:lha-0:1.14i-10.2.ppc",
          "3AS:lha-0:1.14i-10.2.s390",
          "3AS:lha-0:1.14i-10.2.s390x",
          "3AS:lha-0:1.14i-10.2.src",
          "3AS:lha-0:1.14i-10.2.x86_64",
          "3AS:lha-debuginfo-0:1.14i-10.2.i386",
          "3AS:lha-debuginfo-0:1.14i-10.2.ia64",
          "3AS:lha-debuginfo-0:1.14i-10.2.ppc",
          "3AS:lha-debuginfo-0:1.14i-10.2.s390",
          "3AS:lha-debuginfo-0:1.14i-10.2.s390x",
          "3AS:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3Desktop:lha-0:1.14i-10.2.i386",
          "3Desktop:lha-0:1.14i-10.2.ia64",
          "3Desktop:lha-0:1.14i-10.2.ppc",
          "3Desktop:lha-0:1.14i-10.2.s390",
          "3Desktop:lha-0:1.14i-10.2.s390x",
          "3Desktop:lha-0:1.14i-10.2.src",
          "3Desktop:lha-0:1.14i-10.2.x86_64",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.i386",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.ia64",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.ppc",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.s390",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.s390x",
          "3Desktop:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3ES:lha-0:1.14i-10.2.i386",
          "3ES:lha-0:1.14i-10.2.ia64",
          "3ES:lha-0:1.14i-10.2.ppc",
          "3ES:lha-0:1.14i-10.2.s390",
          "3ES:lha-0:1.14i-10.2.s390x",
          "3ES:lha-0:1.14i-10.2.src",
          "3ES:lha-0:1.14i-10.2.x86_64",
          "3ES:lha-debuginfo-0:1.14i-10.2.i386",
          "3ES:lha-debuginfo-0:1.14i-10.2.ia64",
          "3ES:lha-debuginfo-0:1.14i-10.2.ppc",
          "3ES:lha-debuginfo-0:1.14i-10.2.s390",
          "3ES:lha-debuginfo-0:1.14i-10.2.s390x",
          "3ES:lha-debuginfo-0:1.14i-10.2.x86_64",
          "3WS:lha-0:1.14i-10.2.i386",
          "3WS:lha-0:1.14i-10.2.ia64",
          "3WS:lha-0:1.14i-10.2.ppc",
          "3WS:lha-0:1.14i-10.2.s390",
          "3WS:lha-0:1.14i-10.2.s390x",
          "3WS:lha-0:1.14i-10.2.src",
          "3WS:lha-0:1.14i-10.2.x86_64",
          "3WS:lha-debuginfo-0:1.14i-10.2.i386",
          "3WS:lha-debuginfo-0:1.14i-10.2.ia64",
          "3WS:lha-debuginfo-0:1.14i-10.2.ppc",
          "3WS:lha-debuginfo-0:1.14i-10.2.s390",
          "3WS:lha-debuginfo-0:1.14i-10.2.s390x",
          "3WS:lha-debuginfo-0:1.14i-10.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617184",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617184"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235"
        }
      ],
      "release_date": "2004-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-05-26T07:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "3AS:lha-0:1.14i-10.2.i386",
            "3AS:lha-0:1.14i-10.2.ia64",
            "3AS:lha-0:1.14i-10.2.ppc",
            "3AS:lha-0:1.14i-10.2.s390",
            "3AS:lha-0:1.14i-10.2.s390x",
            "3AS:lha-0:1.14i-10.2.src",
            "3AS:lha-0:1.14i-10.2.x86_64",
            "3AS:lha-debuginfo-0:1.14i-10.2.i386",
            "3AS:lha-debuginfo-0:1.14i-10.2.ia64",
            "3AS:lha-debuginfo-0:1.14i-10.2.ppc",
            "3AS:lha-debuginfo-0:1.14i-10.2.s390",
            "3AS:lha-debuginfo-0:1.14i-10.2.s390x",
            "3AS:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3Desktop:lha-0:1.14i-10.2.i386",
            "3Desktop:lha-0:1.14i-10.2.ia64",
            "3Desktop:lha-0:1.14i-10.2.ppc",
            "3Desktop:lha-0:1.14i-10.2.s390",
            "3Desktop:lha-0:1.14i-10.2.s390x",
            "3Desktop:lha-0:1.14i-10.2.src",
            "3Desktop:lha-0:1.14i-10.2.x86_64",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.i386",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.ia64",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.ppc",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.s390",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.s390x",
            "3Desktop:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3ES:lha-0:1.14i-10.2.i386",
            "3ES:lha-0:1.14i-10.2.ia64",
            "3ES:lha-0:1.14i-10.2.ppc",
            "3ES:lha-0:1.14i-10.2.s390",
            "3ES:lha-0:1.14i-10.2.s390x",
            "3ES:lha-0:1.14i-10.2.src",
            "3ES:lha-0:1.14i-10.2.x86_64",
            "3ES:lha-debuginfo-0:1.14i-10.2.i386",
            "3ES:lha-debuginfo-0:1.14i-10.2.ia64",
            "3ES:lha-debuginfo-0:1.14i-10.2.ppc",
            "3ES:lha-debuginfo-0:1.14i-10.2.s390",
            "3ES:lha-debuginfo-0:1.14i-10.2.s390x",
            "3ES:lha-debuginfo-0:1.14i-10.2.x86_64",
            "3WS:lha-0:1.14i-10.2.i386",
            "3WS:lha-0:1.14i-10.2.ia64",
            "3WS:lha-0:1.14i-10.2.ppc",
            "3WS:lha-0:1.14i-10.2.s390",
            "3WS:lha-0:1.14i-10.2.s390x",
            "3WS:lha-0:1.14i-10.2.src",
            "3WS:lha-0:1.14i-10.2.x86_64",
            "3WS:lha-debuginfo-0:1.14i-10.2.i386",
            "3WS:lha-debuginfo-0:1.14i-10.2.ia64",
            "3WS:lha-debuginfo-0:1.14i-10.2.ppc",
            "3WS:lha-debuginfo-0:1.14i-10.2.s390",
            "3WS:lha-debuginfo-0:1.14i-10.2.s390x",
            "3WS:lha-debuginfo-0:1.14i-10.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:178"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2004_179

Vulnerability from csaf_redhat

Published

2004-04-30 07:22

Modified

2024-11-21 23:02

Summary

Red Hat Security Advisory: : An updated LHA package fixes security vulnerabilities

Notes

Topic

An updated LHA package that fixes several security vulnerabilities is now available.

Details

LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0234 to this issue. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0235 to this issue. Users of LHA should update to this updated packages which contain backported patches not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for disclosing and providing test cases and patches for these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated LHA package that fixes several security vulnerabilities is now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "LHA is an archiving and compression utility for LHarc format archives.\n\nUlf Harnhammar discovered two stack buffer overflows and two directory\ntraversal flaws in LHA.  An attacker could exploit the buffer overflows by\ncreating a carefully crafted LHA archive in such a way that arbitrary code\nwould be executed when the archive is tested or extracted by a victim.  The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0234 to this issue.  An attacker could exploit\nthe directory traversal issues to create files as the victim outside of the\nexpected directory.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0235 to this issue.\n\nUsers of LHA should update to this updated packages which contain\nbackported patches not vulnerable to these issues.\n\nRed Hat would like to thank Ulf Harnhammar for disclosing and providing\ntest cases and patches for these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:179",
        "url": "https://access.redhat.com/errata/RHSA-2004:179"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_179.json"
      }
    ],
    "title": "Red Hat Security Advisory: : An updated LHA package fixes security vulnerabilities",
    "tracking": {
      "current_release_date": "2024-11-21T23:02:52+00:00",
      "generator": {
        "date": "2024-11-21T23:02:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:179",
      "initial_release_date": "2004-04-30T07:22:00+00:00",
      "revision_history": [
        {
          "date": "2004-04-30T07:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-04-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:02:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ulf H\u00e4rnhammar"
          ]
        }
      ],
      "cve": "CVE-2004-0234",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0234"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234"
        }
      ],
      "release_date": "2004-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-04-30T07:22:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:179"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ulf H\u00e4rnhammar"
          ]
        }
      ],
      "cve": "CVE-2004-0235",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617184"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617184",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617184"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235"
        }
      ],
      "release_date": "2004-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-04-30T07:22:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:179"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

var-200408-0141

Vulnerability from variot

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). The first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. The second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. ------------------------------------------------------------------------

LHa buffer overflows and directory traversal problems

PROGRAM: LHa (Unix version) VENDOR: various people VULNERABLE VERSIONS: 1.14d to 1.14i 1.17 (Linux binary) possibly others IMMUNE VERSIONS: 1.14i with my patch applied 1.14h with my patch applied LHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ LHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/ REFERENCES: CAN-2004-0234 (buffer overflows) CAN-2004-0235 (directory traversal)

DESCRIPTION *

LHa is a console-based program for packing and unpacking LHarc archives.

It is one of the packages in Red Hat Linux, Fedora Core, SUSE Linux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux, Gentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. It is also included in the port/package collections for FreeBSD, OpenBSD and NetBSD.

OVERVIEW *

LHa has two stack-based buffer overflows and two directory traversal problems. They can be abused by malicious people in many different ways: some mail virus scanners require LHa and run it automatically on attached files in e-mail messages. Some web applications allow uploading and unpacking of LHarc archives. Some people set up their web browsers to start LHa automatically after downloading an LHarc archive. Finally, social engineering is probably quite effective in this case.

TECHNICAL DETAILS *

a) two stack-based buffer overflows

The buffer overflows in LHa occur when testing (t) or extracting (x) archives where the archive contents have too long filenames or directory names. The cause of the problem is the function get_header() in header.c. This function first reads the lengths of filenames or directory names from the archive, and then it reads that many bytes to a char array (one for filenames and one for directory names) without checking if the array is big enough.

By exploiting this bug, you get control over several registers including EIP, as you can see in this session capture:

$ lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ gdb lha GNU gdb Red Hat Linux (5.3post-0.20021129.18rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (gdb) r x buf_oflow.lha Starting program: /usr/bin/lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU

Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt

0 0x55555555 in ?? ()

Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffdd50 0xbfffdd50 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210282 2163330 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) r t buf_oflow.lha The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/bin/lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU

Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt

0 0x55555555 in ?? ()

Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffe6d0 0xbfffe6d0 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210286 2163334 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) q The program is running. Exit anyway? (y or n) y $

b) two directory traversal problems

LHa has directory traversal problems, both with absolute paths and relative paths. There is no protection against relative paths at all, so you can simply use the lha binary to create an archive with paths like "../../../../../etc/cron.d/evil". There is some simple protection against absolute paths, namely skipping the first character if it is a slash, but again you can simply use the binary to create archives with paths like "//etc/cron.d/evil".

ATTACHED FILES *

I have written a patch against version 1.14i that corrects all four problems. The patch is included as an attachment, together with some test archives.

TIMELINE *

18 Apr: contacted the vendor-sec list and the LHa 1.14 author 18 Apr: tried to contact the LHa 1.17 author with a web form and a guessed e-mail address which bounced 19 Apr: reply from the vendor-sec list with CVE references 30 Apr: Red Hat released their advisory 01 May: I release this advisory

// Ulf Harnhammar Advogato diary :: http://www.advogato.org/person/metaur/ idiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/ Debian Security Audit Project :: http://shellcode.org/Audit/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200408-0141",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tsugio okamoto",
        "version": "1.17"
      },
      {
        "model": "lha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tsugio okamoto",
        "version": "1.15"
      },
      {
        "model": "lha",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tsugio okamoto",
        "version": "1.14"
      },
      {
        "model": "winzip",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "winzip",
        "version": "9.0"
      },
      {
        "model": "cgpmcafee",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "stalker",
        "version": "3.2"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "winrar",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "rarlab",
        "version": "3.20"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "6.32"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "6.31"
      },
      {
        "model": "f-secure for firewalls",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "6.20"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.13"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.11"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.10"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.8"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.7"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.6"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.5"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.4"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3.3"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.3"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.2"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.1"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "clearswift",
        "version": "4.0"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "5.52"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.60"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "5.42"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "2004"
      },
      {
        "model": "lha",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.14i-9"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "2003"
      },
      {
        "model": "f-secure personal express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.5"
      },
      {
        "model": "fedora core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "core_1.0"
      },
      {
        "model": "mailsweeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "clearswift",
        "version": "4.3.6_sp1"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.52"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "5.5"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.51"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "5.41"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "6.21"
      },
      {
        "model": "f-secure personal express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.6"
      },
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "2004"
      },
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "2003"
      },
      {
        "model": "f-secure personal express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "4.7"
      },
      {
        "model": "lha for unix",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "lha for unix",
        "version": "1.17"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "linux i686",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "lha-1.14i-9.i386.rpm",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "hat fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "red",
        "version": null
      },
      {
        "model": "s.k. lha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mr",
        "version": "1.17"
      },
      {
        "model": "s.k. lha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mr",
        "version": "1.15"
      },
      {
        "model": "s.k. lha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mr",
        "version": "1.14"
      },
      {
        "model": "webshield smtp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.5"
      },
      {
        "model": "webshield appliances",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan professional",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan for netapp",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan enterprise i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.0"
      },
      {
        "model": "virusscan command line",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "6.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.5.1"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.5"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.0.3"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "3.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.0"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "1.0"
      },
      {
        "model": "virex",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "securityshield for microsoft isa server",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "portalshield for microsoft sharepoint",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "netshield for netware",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "managed virusscan",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "linuxshield",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "internet security suite",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "groupshield for mail servers with epo",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "groupshield for lotus domino",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.5"
      },
      {
        "model": "asap virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "active virus defense smb edition",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "active threat protection",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "active mail protection",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "personal express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.7"
      },
      {
        "model": "personal express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.6"
      },
      {
        "model": "personal express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.5"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2004"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2003"
      },
      {
        "model": "anti-virus for workstations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.42"
      },
      {
        "model": "anti-virus for workstations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.41"
      },
      {
        "model": "anti-virus for windows servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.42"
      },
      {
        "model": "anti-virus for windows servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.41"
      },
      {
        "model": "anti-virus for samba servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.60"
      },
      {
        "model": "anti-virus for ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.21"
      },
      {
        "model": "anti-virus for mimesweeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.42"
      },
      {
        "model": "anti-virus for mimesweeper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.41"
      },
      {
        "model": "anti-virus for linux workstations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.52"
      },
      {
        "model": "anti-virus for linux workstations",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.51"
      },
      {
        "model": "anti-virus for linux servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.52"
      },
      {
        "model": "anti-virus for linux servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.51"
      },
      {
        "model": "anti-virus for linux gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.52"
      },
      {
        "model": "anti-virus for linux gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "4.51"
      },
      {
        "model": "anti-virus client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.52"
      },
      {
        "model": "anti-virus client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.50"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2004"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2003"
      },
      {
        "model": "mailsweeper sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "clearswift",
        "version": "4.3.6"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.1.18"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.1.17"
      },
      {
        "model": "networks barracuda spam firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.03.022"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ulf Harnhammar\u203b ulfh@update.uu.se\u203bJean-S\u00e9bastien Guay-Leroux\u203b jean-sebastien@guay-leroux.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2004-0235",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-8665",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0235",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200408-176",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8665",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\"). \nThe first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. \nThe second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. \n**NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. \n**Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. ------------------------------------------------------------------------\n\nLHa buffer overflows and directory traversal problems\n\nPROGRAM: LHa (Unix version)\nVENDOR: various people\nVULNERABLE VERSIONS: 1.14d to 1.14i\n                     1.17 (Linux binary)\n                     possibly others\nIMMUNE VERSIONS: 1.14i with my patch applied\n                 1.14h with my patch applied\nLHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm\n          http://www2m.biglobe.ne.jp/~dolphin/lha/prog/\nLHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/\nREFERENCES: CAN-2004-0234 (buffer overflows)\n            CAN-2004-0235 (directory traversal)\n\n* DESCRIPTION *\n\nLHa is a console-based program for packing and unpacking LHarc\narchives. \n\nIt is one of the packages in Red Hat Linux, Fedora Core, SUSE\nLinux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux,\nGentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. \nIt is also included in the port/package collections for FreeBSD,\nOpenBSD and NetBSD. \n\n* OVERVIEW *\n\nLHa has two stack-based buffer overflows and two directory traversal\nproblems. They can be abused by malicious people in many different\nways: some mail virus scanners require LHa and run it automatically\non attached files in e-mail messages. Some web applications allow\nuploading and unpacking of LHarc archives. Some people set up their\nweb browsers to start LHa automatically after downloading an LHarc\narchive. Finally, social engineering is probably quite effective\nin this case. \n\n* TECHNICAL DETAILS *\n\na) two stack-based buffer overflows\n\nThe buffer overflows in LHa occur when testing (t) or extracting\n(x) archives where the archive contents have too long filenames\nor directory names. The cause of the problem is the function\nget_header() in header.c. This function first reads the lengths of\nfilenames or directory names from the archive, and then it reads\nthat many bytes to a char array (one for filenames and one for\ndirectory names) without checking if the array is big enough. \n\nBy exploiting this bug, you get control over several registers\nincluding EIP, as you can see in this session capture:\n\n$ lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ gdb lha\nGNU gdb Red Hat Linux (5.3post-0.20021129.18rh)\nCopyright 2003 Free Software Foundation, Inc. \nGDB is free software, covered by the GNU General Public License, and\nyou are welcome to change it and/or distribute copies of it under\ncertain conditions. \nType \"show copying\" to see the conditions. \nThere is absolutely no warranty for GDB. Type \"show warranty\" for\ndetails. \nThis GDB was configured as \"i386-redhat-linux-gnu\"... \n(gdb) r x buf_oflow.lha\nStarting program: /usr/bin/lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffdd50 0xbfffdd50\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210282 2163330\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) r t buf_oflow.lha\nThe program being debugged has been started already. \nStart it from the beginning? (y or n) y\nStarting program: /usr/bin/lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffe6d0 0xbfffe6d0\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210286 2163334\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) q\nThe program is running. Exit anyway? (y or n) y\n$\n\nb) two directory traversal problems\n\nLHa has directory traversal problems, both with absolute paths\nand relative paths. There is no protection against relative paths\nat all, so you can simply use the lha binary to create an archive\nwith paths like \"../../../../../etc/cron.d/evil\". There is some\nsimple protection against absolute paths, namely skipping the first\ncharacter if it is a slash, but again you can simply use the binary\nto create archives with paths like \"//etc/cron.d/evil\". \n\n* ATTACHED FILES *\n\nI have written a patch against version 1.14i that corrects all\nfour problems. The patch is included as an attachment, together\nwith some test archives. \n\n* TIMELINE *\n\n18 Apr: contacted the vendor-sec list and the LHa 1.14 author\n18 Apr: tried to contact the LHa 1.17 author with a web form and\n        a guessed e-mail address which bounced\n19 Apr: reply from the vendor-sec list with CVE references\n30 Apr: Red Hat released their advisory\n01 May: I release this advisory\n\n// Ulf Harnhammar\nAdvogato diary :: http://www.advogato.org/person/metaur/\nidiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/\nDebian Security Audit Project :: http://shellcode.org/Audit/\n\n------------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "db": "PACKETSTORM",
        "id": "33241"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2004-0235",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "10243",
        "trust": 2.8
      },
      {
        "db": "XF",
        "id": "16013",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20040501 LHA BUFFER OVERFLOWS AND DIRECTORY TRAVERSAL PROBLEMS",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:978",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:10409",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2004-119",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FLSA:1833",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-515",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040510 [ULF HARNHAMMAR]: LHA ADVISORY + PATCH",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200405-02",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2004:178",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2004:179",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2004:840",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-8665",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "33241",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "PACKETSTORM",
        "id": "33241"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "id": "VAR-200408-0141",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:41:21.801000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LHA for UNIX Version 1.17",
        "trust": 0.8,
        "url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://lha.sourceforge.jp/"
      },
      {
        "title": "RHSA-2004:178",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-178.html"
      },
      {
        "title": "RHSA-2004:179",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-179.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/10243"
      },
      {
        "trust": 2.0,
        "url": "http://www.redhat.com/archives/fedora-announce-list/2004-may/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-515"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/020776.html"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-178.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-179.html"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/16013"
      },
      {
        "trust": 1.4,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:978"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10409"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a978"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0235"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0235"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108422737918885\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10409"
      },
      {
        "trust": 0.4,
        "url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
      },
      {
        "trust": 0.3,
        "url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.stalker.com/cgpmcafee/"
      },
      {
        "trust": 0.3,
        "url": "http://www.f-secure.com/security/fsc-2004-1.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://mail.stalker.com/lists/cgatepro/message/61244.html"
      },
      {
        "trust": 0.3,
        "url": "http://images.mcafee.com/misc/mcafee_security_bulletin_05-march-17.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-178.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-219.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.rarsoft.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.winzip.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/366265"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108422737918885\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000840"
      },
      {
        "trust": 0.1,
        "url": "http://shellcode.org/audit/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0234"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0235"
      },
      {
        "trust": 0.1,
        "url": "http://idiosynkratisk.tk/"
      },
      {
        "trust": 0.1,
        "url": "http://www.advogato.org/person/metaur/"
      },
      {
        "trust": 0.1,
        "url": "http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www2m.biglobe.ne.jp/~dolphin/lha/prog/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "PACKETSTORM",
        "id": "33241"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "db": "PACKETSTORM",
        "id": "33241"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "date": "2004-04-30T00:00:00",
        "db": "BID",
        "id": "10243"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "date": "2004-05-04T04:25:06",
        "db": "PACKETSTORM",
        "id": "33241"
      },
      {
        "date": "2004-08-18T04:00:00",
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "date": "2004-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8665"
      },
      {
        "date": "2009-07-12T04:07:00",
        "db": "BID",
        "id": "10243"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      },
      {
        "date": "2017-10-11T01:29:24.810000",
        "db": "NVD",
        "id": "CVE-2004-0235"
      },
      {
        "date": "2006-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lha Directory Traversal Vulnerability in Testing and Extracting Process",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000170"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "10243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-176"
      }
    ],
    "trust": 0.9
  }
}

CVE-2004-0235

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Lha Directory Traversal Vulnerability in Testing and Extracting Process

Details

LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235
	OVAL	http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978
	BID	http://www.securityfocus.com/bid/10243
	BID	http://marc.info/?l=bugtraq&m=108422737918885&w=2
	XF	http://xforce.iss.net/xforce/xfdb/16013

Impacted products

▼	Vendor	Product
	LHa for UNIX project	LHa for UNIX
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux
	Red Hat, Inc.	Red Hat Linux Advanced Workstation

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000170",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "NVD"
    },
    {
      "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978",
      "@id": "978",
      "@source": "OVAL"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10243",
      "@id": "10243",
      "@source": "BID"
    },
    {
      "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
      "@id": "LHA Advisory + Patch",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16013",
      "@id": "16013",
      "@source": "XF"
    }
  ],
  "title": "Lha Directory Traversal Vulnerability in Testing and Extracting Process"
}

gsd-2004-0235

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2004-0235

Aliases

CVE-2004-0235

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0235",
    "description": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").",
    "id": "GSD-2004-0235",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-0235.html",
      "https://www.debian.org/security/2004/dsa-515",
      "https://access.redhat.com/errata/RHSA-2004:179",
      "https://access.redhat.com/errata/RHSA-2004:178"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0235"
      ],
      "details": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").",
      "id": "GSD-2004-0235",
      "modified": "2023-12-13T01:22:54.354126Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0235",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "CLA-2004:840",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
          },
          {
            "name": "FEDORA-2004-119",
            "refsource": "FEDORA",
            "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
          },
          {
            "name": "10243",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/10243"
          },
          {
            "name": "20040501 LHa buffer overflows and directory traversal problems",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
          },
          {
            "name": "lha-directory-traversal(16013)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
          },
          {
            "name": "RHSA-2004:179",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
          },
          {
            "name": "FLSA:1833",
            "refsource": "FEDORA",
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
          },
          {
            "name": "DSA-515",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2004/dsa-515"
          },
          {
            "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
          },
          {
            "name": "GLSA-200405-02",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
          },
          {
            "name": "RHSA-2004:178",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
          },
          {
            "name": "oval:org.mitre.oval:def:978",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
          },
          {
            "name": "oval:org.mitre.oval:def:10409",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0235"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10243",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/10243"
            },
            {
              "name": "20040501 LHa buffer overflows and directory traversal problems",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
            },
            {
              "name": "DSA-515",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2004/dsa-515"
            },
            {
              "name": "FLSA:1833",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
            },
            {
              "name": "RHSA-2004:178",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
            },
            {
              "name": "RHSA-2004:179",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
            },
            {
              "name": "GLSA-200405-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
            },
            {
              "name": "FEDORA-2004-119",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
            },
            {
              "name": "CLA-2004:840",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
            },
            {
              "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
            },
            {
              "name": "lha-directory-traversal(16013)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
            },
            {
              "name": "oval:org.mitre.oval:def:978",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
            },
            {
              "name": "oval:org.mitre.oval:def:10409",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2004-08-18T04:00Z"
    }
  }
}

ghsa-v492-qprp-rvhr

Vulnerability from github

Published

2022-04-29 02:57

Modified

2022-04-29 02:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0235"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-08-18T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").",
  "id": "GHSA-v492-qprp-rvhr",
  "modified": "2022-04-29T02:57:23Z",
  "published": "2022-04-29T02:57:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-515"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/10243"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2004-0235

Vulnerability from cvelistv5

rhsa-2004_178

Vulnerability from csaf_redhat

rhsa-2004_179

Vulnerability from csaf_redhat

var-200408-0141

Vulnerability from variot

0 0x55555555 in ?? ()

0 0x55555555 in ?? ()

CVE-2004-0235

Vulnerability from jvndb

gsd-2004-0235

Vulnerability from gsd

ghsa-v492-qprp-rvhr

Vulnerability from github

Tags

Sightings

Nomenclature