[Japanese]

JVNDB-2004-000196

LHA Buffer Overflow Vulnerability with lack of Path Length Validation

Overview

LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.
CVSS Severity (What is CVSS?)

Base Metrics: 10.0 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products


LHA for UNIX
  • LHA for UNIX 1.17 and earlier
MIRACLE LINUX CORPORATION
  • MIRACLE LINUX V2.0
  • MIRACLE LINUX V2.1
  • MIRACLE LINUX V3.0
Red Hat, Inc.
  • Red Hat Desktop (v.3)
  • Red Hat Enterprise Linux AS (v.2.1)
  • Red Hat Enterprise Linux AS (v.3)
  • Red Hat Enterprise Linux ES (v.2.1)
  • Red Hat Enterprise Linux ES (v.3)
  • Red Hat Enterprise Linux WS (v.2.1)
  • Red Hat Enterprise Linux WS (v.3)
  • Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

Impact

An remote attacker coulf execute arbitrary code.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

LHA for UNIX MIRACLE LINUX CORPORATION Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2004-0769
References

  1. National Vulnerability Database (NVD) : CVE-2004-0769
  2. SecurityFocus : 11093
  3. ISS X-Force Database : 16917
Revision History

[2008/05/21]
  Web page published