ID

VAR-200408-0141


CVE

CVE-2004-0235


TITLE

Lha Directory Traversal Vulnerability in Testing and Extracting Process

Trust: 0.8

sources: JVNDB: JVNDB-2004-000170

DESCRIPTION

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). The first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. The second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. **NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. **Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. ------------------------------------------------------------------------ LHa buffer overflows and directory traversal problems PROGRAM: LHa (Unix version) VENDOR: various people VULNERABLE VERSIONS: 1.14d to 1.14i 1.17 (Linux binary) possibly others IMMUNE VERSIONS: 1.14i with my patch applied 1.14h with my patch applied LHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ LHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/ REFERENCES: CAN-2004-0234 (buffer overflows) CAN-2004-0235 (directory traversal) * DESCRIPTION * LHa is a console-based program for packing and unpacking LHarc archives. It is one of the packages in Red Hat Linux, Fedora Core, SUSE Linux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux, Gentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. It is also included in the port/package collections for FreeBSD, OpenBSD and NetBSD. * OVERVIEW * LHa has two stack-based buffer overflows and two directory traversal problems. They can be abused by malicious people in many different ways: some mail virus scanners require LHa and run it automatically on attached files in e-mail messages. Some web applications allow uploading and unpacking of LHarc archives. Some people set up their web browsers to start LHa automatically after downloading an LHarc archive. Finally, social engineering is probably quite effective in this case. * TECHNICAL DETAILS * a) two stack-based buffer overflows The buffer overflows in LHa occur when testing (t) or extracting (x) archives where the archive contents have too long filenames or directory names. The cause of the problem is the function get_header() in header.c. This function first reads the lengths of filenames or directory names from the archive, and then it reads that many bytes to a char array (one for filenames and one for directory names) without checking if the array is big enough. By exploiting this bug, you get control over several registers including EIP, as you can see in this session capture: $ lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ gdb lha GNU gdb Red Hat Linux (5.3post-0.20021129.18rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (gdb) r x buf_oflow.lha Starting program: /usr/bin/lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt #0 0x55555555 in ?? () Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffdd50 0xbfffdd50 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210282 2163330 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) r t buf_oflow.lha The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/bin/lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt #0 0x55555555 in ?? () Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffe6d0 0xbfffe6d0 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210286 2163334 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) q The program is running. Exit anyway? (y or n) y $ b) two directory traversal problems LHa has directory traversal problems, both with absolute paths and relative paths. There is no protection against relative paths at all, so you can simply use the lha binary to create an archive with paths like "../../../../../etc/cron.d/evil". There is some simple protection against absolute paths, namely skipping the first character if it is a slash, but again you can simply use the binary to create archives with paths like "//etc/cron.d/evil". * ATTACHED FILES * I have written a patch against version 1.14i that corrects all four problems. The patch is included as an attachment, together with some test archives. * TIMELINE * 18 Apr: contacted the vendor-sec list and the LHa 1.14 author 18 Apr: tried to contact the LHa 1.17 author with a web form and a guessed e-mail address which bounced 19 Apr: reply from the vendor-sec list with CVE references 30 Apr: Red Hat released their advisory 01 May: I release this advisory // Ulf Harnhammar Advogato diary :: http://www.advogato.org/person/metaur/ idiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/ Debian Security Audit Project :: http://shellcode.org/Audit/ ------------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2004-0235 // JVNDB: JVNDB-2004-000170 // BID: 10243 // VULHUB: VHN-8665 // PACKETSTORM: 33241

AFFECTED PRODUCTS

vendor:tsugio okamotomodel:lhascope:eqversion:1.17

Trust: 1.6

vendor:tsugio okamotomodel:lhascope:eqversion:1.15

Trust: 1.6

vendor:tsugio okamotomodel:lhascope:eqversion:1.14

Trust: 1.6

vendor:winzipmodel:winzipscope:eqversion:9.0

Trust: 1.3

vendor:stalkermodel:cgpmcafeescope:eqversion:3.2

Trust: 1.3

vendor:sgimodel:propackscope:eqversion:3.0

Trust: 1.3

vendor:sgimodel:propackscope:eqversion:2.4

Trust: 1.3

vendor:rarlabmodel:winrarscope:eqversion:3.20

Trust: 1.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.32

Trust: 1.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.31

Trust: 1.3

vendor:f securemodel:f-secure for firewallsscope:eqversion:6.20

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.13

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.11

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.10

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.8

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.7

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.6

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.5

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.4

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.3

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.2

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.1

Trust: 1.3

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.0

Trust: 1.3

vendor:f securemodel:f-secure personal expressscope:eqversion:4.6

Trust: 1.0

vendor:f securemodel:f-secure internet securityscope:eqversion:2003

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:2003

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.42

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.52

Trust: 1.0

vendor:f securemodel:f-secure internet securityscope:eqversion:2004

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.41

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.51

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:4.5

Trust: 1.0

vendor:redhatmodel:fedora corescope:eqversion:core_1.0

Trust: 1.0

vendor:redhatmodel:lhascope:eqversion:1.14i-9

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:2004

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.52

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:4.7

Trust: 1.0

vendor:clearswiftmodel:mailsweeperscope:eqversion:4.3.6_sp1

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.60

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.21

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.5

Trust: 1.0

vendor:lha for unixmodel:lha for unixscope:lteversion:1.17

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:red hatmodel:linux advanced workstationscope:eqversion:2.1

Trust: 0.8

vendor:redhatmodel:linux i686scope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linux i386scope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:linuxscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:lha-1.14i-9.i386.rpmscope: - version: -

Trust: 0.3

vendor:redmodel:hat fedora core1scope: - version: -

Trust: 0.3

vendor:mrmodel:s.k. lhascope:eqversion:1.17

Trust: 0.3

vendor:mrmodel:s.k. lhascope:eqversion:1.15

Trust: 0.3

vendor:mrmodel:s.k. lhascope:eqversion:1.14

Trust: 0.3

vendor:mcafeemodel:webshield smtpscope:eqversion:4.5

Trust: 0.3

vendor:mcafeemodel:webshield appliancesscope: - version: -

Trust: 0.3

vendor:mcafeemodel:virusscan professionalscope: - version: -

Trust: 0.3

vendor:mcafeemodel:virusscan for netappscope: - version: -

Trust: 0.3

vendor:mcafeemodel:virusscan enterprise iscope:eqversion:8.0

Trust: 0.3

vendor:mcafeemodel:virusscan command linescope: - version: -

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:9.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:8.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:7.1

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:7.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:6.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:5.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:4.5.1

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:4.5

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:4.0.3

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:4.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:3.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:virusscanscope:eqversion:1.0

Trust: 0.3

vendor:mcafeemodel:virexscope: - version: -

Trust: 0.3

vendor:mcafeemodel:securityshield for microsoft isa serverscope: - version: -

Trust: 0.3

vendor:mcafeemodel:portalshield for microsoft sharepointscope: - version: -

Trust: 0.3

vendor:mcafeemodel:netshield for netwarescope: - version: -

Trust: 0.3

vendor:mcafeemodel:managed virusscanscope: - version: -

Trust: 0.3

vendor:mcafeemodel:linuxshieldscope: - version: -

Trust: 0.3

vendor:mcafeemodel:internet security suitescope: - version: -

Trust: 0.3

vendor:mcafeemodel:groupshield for mail servers with eposcope: - version: -

Trust: 0.3

vendor:mcafeemodel:groupshield for lotus dominoscope: - version: -

Trust: 0.3

vendor:mcafeemodel:groupshield for exchangescope:eqversion:5.5

Trust: 0.3

vendor:mcafeemodel:asap virusscanscope:eqversion:0

Trust: 0.3

vendor:mcafeemodel:active virus defense smb editionscope: - version: -

Trust: 0.3

vendor:mcafeemodel:active threat protectionscope: - version: -

Trust: 0.3

vendor:mcafeemodel:active mail protectionscope: - version: -

Trust: 0.3

vendor:f securemodel:personal expressscope:eqversion:4.7

Trust: 0.3

vendor:f securemodel:personal expressscope:eqversion:4.6

Trust: 0.3

vendor:f securemodel:personal expressscope:eqversion:4.5

Trust: 0.3

vendor:f securemodel:internet securityscope:eqversion:2004

Trust: 0.3

vendor:f securemodel:internet securityscope:eqversion:2003

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:anti-virus for samba serversscope:eqversion:4.60

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.21

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:anti-virus for linux workstationsscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus for linux workstationsscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.52

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.50

Trust: 0.3

vendor:f securemodel:anti-virusscope:eqversion:2004

Trust: 0.3

vendor:f securemodel:anti-virusscope:eqversion:2003

Trust: 0.3

vendor:clearswiftmodel:mailsweeper sp1scope:eqversion:4.3.6

Trust: 0.3

vendor:barracudamodel:networks barracuda spam firewallscope:eqversion:3.1.18

Trust: 0.3

vendor:barracudamodel:networks barracuda spam firewallscope:eqversion:3.1.17

Trust: 0.3

vendor:barracudamodel:networks barracuda spam firewallscope:neversion:3.3.03.022

Trust: 0.3

sources: BID: 10243 // JVNDB: JVNDB-2004-000170 // CNNVD: CNNVD-200408-176 // NVD: CVE-2004-0235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0235
value: MEDIUM

Trust: 1.0

NVD: CVE-2004-0235
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200408-176
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0235
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8665
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8665 // JVNDB: JVNDB-2004-000170 // CNNVD: CNNVD-200408-176 // NVD: CVE-2004-0235

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0235

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-176

TYPE

Unknown

Trust: 0.9

sources: BID: 10243 // CNNVD: CNNVD-200408-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000170

PATCH

title:LHA for UNIX Version 1.17url:http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/

Trust: 0.8

title:Top Pageurl:http://lha.sourceforge.jp/

Trust: 0.8

title:RHSA-2004:178url:https://rhn.redhat.com/errata/RHSA-2004-178.html

Trust: 0.8

title:RHSA-2004:179url:https://rhn.redhat.com/errata/RHSA-2004-179.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000170

EXTERNAL IDS

db:NVDid:CVE-2004-0235

Trust: 2.9

db:BIDid:10243

Trust: 2.8

db:XFid:16013

Trust: 1.4

db:JVNDBid:JVNDB-2004-000170

Trust: 0.8

db:CNNVDid:CNNVD-200408-176

Trust: 0.7

db:FULLDISCid:20040501 LHA BUFFER OVERFLOWS AND DIRECTORY TRAVERSAL PROBLEMS

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:978

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:10409

Trust: 0.6

db:FEDORAid:FEDORA-2004-119

Trust: 0.6

db:FEDORAid:FLSA:1833

Trust: 0.6

db:DEBIANid:DSA-515

Trust: 0.6

db:BUGTRAQid:20040510 [ULF HARNHAMMAR]: LHA ADVISORY + PATCH

Trust: 0.6

db:GENTOOid:GLSA-200405-02

Trust: 0.6

db:REDHATid:RHSA-2004:178

Trust: 0.6

db:REDHATid:RHSA-2004:179

Trust: 0.6

db:CONECTIVAid:CLA-2004:840

Trust: 0.6

db:VULHUBid:VHN-8665

Trust: 0.1

db:PACKETSTORMid:33241

Trust: 0.1

sources: VULHUB: VHN-8665 // BID: 10243 // JVNDB: JVNDB-2004-000170 // PACKETSTORM: 33241 // CNNVD: CNNVD-200408-176 // NVD: CVE-2004-0235

REFERENCES

url:http://www.securityfocus.com/bid/10243

Trust: 2.5

url:http://www.redhat.com/archives/fedora-announce-list/2004-may/msg00005.html

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=108422737918885&w=2

Trust: 1.8

url:http://www.debian.org/security/2004/dsa-515

Trust: 1.7

url:https://bugzilla.fedora.us/show_bug.cgi?id=1833

Trust: 1.7

url:http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/020776.html

Trust: 1.7

url:http://security.gentoo.org/glsa/glsa-200405-02.xml

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2004-178.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2004-179.html

Trust: 1.7

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/16013

Trust: 1.4

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:978

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10409

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a978

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16013

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0235

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0235

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108422737918885&w=2

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10409

Trust: 0.6

url:http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/

Trust: 0.4

url:http://www.barracudanetworks.com/ns/products/spam_overview.php

Trust: 0.3

url:http://www.stalker.com/cgpmcafee/

Trust: 0.3

url:http://www.f-secure.com/security/fsc-2004-1.shtml

Trust: 0.3

url:http://mail.stalker.com/lists/cgatepro/message/61244.html

Trust: 0.3

url:http://images.mcafee.com/misc/mcafee_security_bulletin_05-march-17.pdf

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2004-178.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2004-219.html

Trust: 0.3

url:http://www.rarsoft.com/

Trust: 0.3

url:http://www.winzip.com/

Trust: 0.3

url:/archive/1/366265

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108422737918885&w=2

Trust: 0.1

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Trust: 0.1

url:http://shellcode.org/audit/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2004-0234

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2004-0235

Trust: 0.1

url:http://idiosynkratisk.tk/

Trust: 0.1

url:http://www.advogato.org/person/metaur/

Trust: 0.1

url:http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm

Trust: 0.1

url:http://www2m.biglobe.ne.jp/~dolphin/lha/prog/

Trust: 0.1

sources: VULHUB: VHN-8665 // BID: 10243 // JVNDB: JVNDB-2004-000170 // PACKETSTORM: 33241 // CNNVD: CNNVD-200408-176 // NVD: CVE-2004-0235

CREDITS

Ulf Harnhammar※ ulfh@update.uu.se※Jean-Sébastien Guay-Leroux※ jean-sebastien@guay-leroux.com

Trust: 0.6

sources: CNNVD: CNNVD-200408-176

SOURCES

db:VULHUBid:VHN-8665
db:BIDid:10243
db:JVNDBid:JVNDB-2004-000170
db:PACKETSTORMid:33241
db:CNNVDid:CNNVD-200408-176
db:NVDid:CVE-2004-0235

LAST UPDATE DATE

2024-08-14T12:39:28.431000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-8665date:2017-10-11T00:00:00
db:BIDid:10243date:2009-07-12T04:07:00
db:JVNDBid:JVNDB-2004-000170date:2008-05-21T00:00:00
db:CNNVDid:CNNVD-200408-176date:2006-09-20T00:00:00
db:NVDid:CVE-2004-0235date:2017-10-11T01:29:24.810

SOURCES RELEASE DATE

db:VULHUBid:VHN-8665date:2004-08-18T00:00:00
db:BIDid:10243date:2004-04-30T00:00:00
db:JVNDBid:JVNDB-2004-000170date:2008-05-21T00:00:00
db:PACKETSTORMid:33241date:2004-05-04T04:25:06
db:CNNVDid:CNNVD-200408-176date:2004-04-30T00:00:00
db:NVDid:CVE-2004-0235date:2004-08-18T04:00:00