Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2004-0235
Last Modified: 21 Aug 2010 12:20:01
Published: 18 Aug 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0235

Summary

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 1.0

Application

  • Clearswift Mailsweeper 4.0

  • Clearswift Mailsweeper 4.1

  • Clearswift Mailsweeper 4.2

  • Clearswift Mailsweeper 4.3

  • Clearswift Mailsweeper 4.3.10

  • Clearswift Mailsweeper 4.3.11

  • Clearswift Mailsweeper 4.3.13

  • Clearswift Mailsweeper 4.3.3

  • Clearswift Mailsweeper 4.3.4

  • Clearswift Mailsweeper 4.3.5

  • Clearswift Mailsweeper 4.3.6

  • Clearswift Mailsweeper 4.3.6 Sp1

  • Clearswift Mailsweeper 4.3.7

  • Clearswift Mailsweeper 4.3.8

  • F-secure Anti-virus 2003

  • F-secure Anti-virus 2004

  • F-secure Anti-virus 4.51

  • F-secure Anti-virus 4.52

  • F-secure Anti-virus 4.60

  • F-secure Anti-virus 5.41

  • F-secure Anti-virus 5.42

  • F-secure Anti-virus 5.5

  • F-secure Anti-virus 5.52

  • F-secure Anti-virus 6.21

  • F-secure For Firewalls 6.20

  • F-secure Internet Gatekeeper 6.31

  • F-secure Internet Gatekeeper 6.32

  • F-secure Internet Security 2003

  • F-secure Internet Security 2004

  • F-secure Personal Express 4.5

  • F-secure Personal Express 4.6

  • F-secure Personal Express 4.7

  • Rarlab Winrar 3.20

  • Redhat Lha 1.14i-9

  • Sgi Propack 2.4

  • Sgi Propack 3.0

  • Stalker Cgpmcafee 3.2

  • Tsugio Okamoto Lha 1.14

  • Tsugio Okamoto Lha 1.15

  • Tsugio Okamoto Lha 1.17

  • Winzip 9.0


References

BID - 10243

BUGTRAQ - 20040510 [Ulf Harnhammar]: LHA Advisory + Patch

FEDORA - FLSA:1833

XF - lha-directory-traversal(16013)

REDHAT - RHSA-2004:179

REDHAT - RHSA-2004:178

FEDORA - FEDORA-2004-119

DEBIAN - DSA-515

GENTOO - GLSA-200405-02

FULLDISC - 20040501 LHa buffer overflows and directory traversal problems

CONECTIVA - CLA-2004:840


Last Updated: 27 May 2016 10:38:32