rhsa-2004_179
Vulnerability from csaf_redhat
Published
2004-04-30 07:22
Modified
2024-11-05 16:22
Summary
Red Hat Security Advisory: : An updated LHA package fixes security vulnerabilities
Notes
Topic
An updated LHA package that fixes several security vulnerabilities is now
available.
Details
LHA is an archiving and compression utility for LHarc format archives.
Ulf Harnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. An attacker could exploit the buffer overflows by
creating a carefully crafted LHA archive in such a way that arbitrary code
would be executed when the archive is tested or extracted by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0234 to this issue. An attacker could exploit
the directory traversal issues to create files as the victim outside of the
expected directory. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0235 to this issue.
Users of LHA should update to this updated packages which contain
backported patches not vulnerable to these issues.
Red Hat would like to thank Ulf Harnhammar for disclosing and providing
test cases and patches for these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated LHA package that fixes several security vulnerabilities is now\navailable.", "title": "Topic" }, { "category": "general", "text": "LHA is an archiving and compression utility for LHarc format archives.\n\nUlf Harnhammar discovered two stack buffer overflows and two directory\ntraversal flaws in LHA. An attacker could exploit the buffer overflows by\ncreating a carefully crafted LHA archive in such a way that arbitrary code\nwould be executed when the archive is tested or extracted by a victim. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0234 to this issue. An attacker could exploit\nthe directory traversal issues to create files as the victim outside of the\nexpected directory. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0235 to this issue.\n\nUsers of LHA should update to this updated packages which contain\nbackported patches not vulnerable to these issues.\n\nRed Hat would like to thank Ulf Harnhammar for disclosing and providing\ntest cases and patches for these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2004:179", "url": "https://access.redhat.com/errata/RHSA-2004:179" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_179.json" } ], "title": "Red Hat Security Advisory: : An updated LHA package fixes security vulnerabilities", "tracking": { "current_release_date": "2024-11-05T16:22:41+00:00", "generator": { "date": "2024-11-05T16:22:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2004:179", "initial_release_date": "2004-04-30T07:22:00+00:00", "revision_history": [ { "date": "2004-04-30T07:22:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2004-04-30T00:00:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:22:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Linux 9", "product": { "name": "Red Hat Linux 9", "product_id": "Red Hat Linux 9", "product_identification_helper": { "cpe": "cpe:/o:redhat:linux:9" } } } ], "category": "product_family", "name": "Red Hat Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Ulf H\u00e4rnhammar" ] } ], "cve": "CVE-2004-0234", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618362" } ], "notes": [ { "category": "description", "text": "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Linux 9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0234" }, { "category": "external", "summary": "RHBZ#1618362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618362" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0234", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0234" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0234" } ], "release_date": "2004-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-04-30T07:22:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate. The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt", "product_ids": [ "Red Hat Linux 9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:179" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "acknowledgments": [ { "names": [ "Ulf H\u00e4rnhammar" ] } ], "cve": "CVE-2004-0235", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617184" } ], "notes": [ { "category": "description", "text": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\").", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Linux 9" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0235" }, { "category": "external", "summary": "RHBZ#1617184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0235" } ], "release_date": "2004-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-04-30T07:22:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate. The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt", "product_ids": [ "Red Hat Linux 9" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:179" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "security flaw" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.