A local overflow exists in LHA. LHA fails to perform proper bounds checking on command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of confidentiality and/or integrity.
Local Access Required
Loss of Confidentiality,
Loss of Integrity
Upgrade to version LHA for UNIX Version 1.14i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.