Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0771

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0771
Last Modified 05 Feb 2011 12:23:50
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0771

Summary

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Vulnerable Systems

Application

  • Tsugio Okamoto Lha 1.14

  • Tsugio Okamoto Lha 1.15

  • Tsugio Okamoto Lha 1.17


References

BID - 10354

FEDORA - FLSA:1833

XF - lha-extractone-bo(16196)

BUGTRAQ - 20040515 lha buffer overflow(s) again

REDHAT - RHSA-2004:440

REDHAT - RHSA-2004:323

GENTOO - GLSA-200409-13

BUGTRAQ - 20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several

MISC - http://bugs.gentoo.org/show_bug.cgi?id=51285


Last Updated: 27 May 2016 10:38:44