JVNDB-2004-000197

[Japanese]
JVNDB-2004-000197
LHA extrace_one Vuffer Overflow Vulnerability
Overview
LHA lhext.c contains a buffer overflow vulnerability with the extract_one funcation, which stems from improper handling of a 'w' option argument.
CVSS Severity (What is CVSS?)
Base Metrics: 10.0 (High) [NVD Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

Affected Products

LHA for UNIX LHA for UNIX 1.17 and earlier MIRACLE LINUX CORPORATION MIRACLE LINUX V2.0 MIRACLE LINUX V2.1 MIRACLE LINUX V3.0 Red Hat, Inc. Red Hat Desktop (v.3) Red Hat Enterprise Linux AS (v.2.1) Red Hat Enterprise Linux AS (v.3) Red Hat Enterprise Linux ES (v.2.1) Red Hat Enterprise Linux ES (v.3) Red Hat Enterprise Linux WS (v.2.1) Red Hat Enterprise Linux WS (v.3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

Impact
An remote attacker could execute arbitrary code.
Solution
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information
LHA for UNIX LHA for UNIX : LHA for UNIX Version 1.17 LHA for UNIX : Top Page MIRACLE LINUX CORPORATION MIRACLE LINUX Update Information : lha (V2.x/V3.0) (Japanese) Red Hat, Inc. Red Hat Security Advisory : RHSA-2004:440 Red Hat Security Advisory : RHSA-2004:323
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2004-0771
References
National Vulnerability Database (NVD) : CVE-2004-0771 SecurityFocus : 11093 SecurityFocus : 10354 ISS X-Force Database : 16196
Revision History
[2008/05/21] Web page published


Date Public	2004/05/15
Date First Published	2008/05/21
Date Last Updated	2008/05/21

LHA extrace_one Vuffer Overflow Vulnerability