CVE

Id
8662  
CVE No.
CVE-2004-0234  
Status
Candidate  
Description
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.  
Phase
Assigned (20040317)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
54488 8662 CVE-2004-0234 FULLDISC:20040501 LHa buffer overflows and directory traversal problems  View
54489 8662 CVE-2004-0234 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html  View
54490 8662 CVE-2004-0234 FULLDISC:20040502 Lha local stack overflow Proof Of Concept Code  View
54491 8662 CVE-2004-0234 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html  View
54492 8662 CVE-2004-0234 BUGTRAQ:20040510 [Ulf Harnhammar]: LHA Advisory + Patch  View
54493 8662 CVE-2004-0234 URL:http://marc.info/?l=bugtraq&m=108422737918885&w=2  View
54494 8662 CVE-2004-0234 BUGTRAQ:20060403 Barracuda LHA archiver security bug leads to remote compromise  View
54495 8662 CVE-2004-0234 URL:http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html  View
54496 8662 CVE-2004-0234 MISC:http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt  View
54497 8662 CVE-2004-0234 CONECTIVA:CLA-2004:840  View
54498 8662 CVE-2004-0234 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840  View
54499 8662 CVE-2004-0234 DEBIAN:DSA-515  View
54500 8662 CVE-2004-0234 URL:http://www.debian.org/security/2004/dsa-515  View
54501 8662 CVE-2004-0234 FEDORA:FLSA:1833  View
54502 8662 CVE-2004-0234 URL:https://bugzilla.fedora.us/show_bug.cgi?id=1833  View
54503 8662 CVE-2004-0234 REDHAT:RHSA-2004:178  View
54504 8662 CVE-2004-0234 URL:http://www.redhat.com/support/errata/RHSA-2004-178.html  View
54505 8662 CVE-2004-0234 REDHAT:RHSA-2004:179  View
54506 8662 CVE-2004-0234 URL:http://www.redhat.com/support/errata/RHSA-2004-179.html  View
54507 8662 CVE-2004-0234 GENTOO:GLSA-200405-02  View
54508 8662 CVE-2004-0234 URL:http://security.gentoo.org/glsa/glsa-200405-02.xml  View
54509 8662 CVE-2004-0234 FEDORA:FEDORA-2004-119  View
54510 8662 CVE-2004-0234 URL:http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html  View
54511 8662 CVE-2004-0234 BID:10243  View
54512 8662 CVE-2004-0234 URL:http://www.securityfocus.com/bid/10243  View
54513 8662 CVE-2004-0234 OVAL:oval:org.mitre.oval:def:9881  View
54514 8662 CVE-2004-0234 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9881  View
54515 8662 CVE-2004-0234 VUPEN:ADV-2006-1220  View
54516 8662 CVE-2004-0234 URL:http://www.vupen.com/english/advisories/2006/1220  View
54517 8662 CVE-2004-0234 OSVDB:5753  View
54518 8662 CVE-2004-0234 URL:http://www.osvdb.org/5753  View
54519 8662 CVE-2004-0234 OSVDB:5754  View
54520 8662 CVE-2004-0234 URL:http://www.osvdb.org/5754  View
54521 8662 CVE-2004-0234 OVAL:oval:org.mitre.oval:def:977  View
54522 8662 CVE-2004-0234 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977  View
54523 8662 CVE-2004-0234 SECTRACK:1015866  View
54524 8662 CVE-2004-0234 URL:http://securitytracker.com/id?1015866  View
54525 8662 CVE-2004-0234 SECUNIA:19514  View
54526 8662 CVE-2004-0234 URL:http://secunia.com/advisories/19514  View
54527 8662 CVE-2004-0234 XF:lha-multiple-bo(16012)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
62828 JVNDB-2004-000170 LHa の Test/eXtract ルーチンにおけるディレクトリトラバーサルの脆弱性 LHa for UNIX には、書庫をテストまたは解凍する際に、パスの妥当性の確認が複数の箇所において不適切であるため、ディレクトリトラバーサル攻撃を受ける脆弱性が存在します。 CVE-2004-0235 8662 6.4 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000170.html  View