Info

Disclosure

Sep 02, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in LHA. LHA fails to perform proper bounds checking on command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to version LHA for UNIX Version 1.14i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mr. S.K.	LHA	1.17
		1.14i
		1.14h
		1.14g
		1.14f
		1.14e
		1.14d

References

Secunia Advisory ID: 12435 12437 12494 12496
CVE ID: 2004-0694 (see also: NVD)
Related OSVDB ID: 9519 9520 9522
Vendor Specific Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126740
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml
Vendor URL: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/
RedHat RHSA: RHSA-2004:323 RHSA-2004:323-09 RHSA-2004:440

Credit

Lukasz Wojtow -

Direct URL: http://osvdb.org/9521

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mr. S.K.

LHA

References

Credit