Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0769
Last Modified: 05 Feb 2011 12:23:50
Published: 18 Aug 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0769

Summary

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

Vulnerable Systems

Application

  • Mozilla Bugzilla


References

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=51285

FEDORA - FLSA:1833

XF - lha-long-pathname-bo(16917)

REDHAT - RHSA-2004:440

REDHAT - RHSA-2004:323

GENTOO - GLSA-200409-13

MISC - http://lw.ftw.zamosc.pl/lha-exploit.txt

BUGTRAQ - 20040616 Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:


Last Updated: 27 May 2016 10:38:44