JVNDB-2004-000197

LHA extract_one Buffer Overflow Vulnerability

Overview

The extract_one function in LHA's lhext.c contains a buffer overflow vulnerability, which stems from improper handling of a 'w' option argument.

CVSS Severity

CVSS V2 Severity:
Base Metrics 10.0 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


LHa for UNIX project
  • LHa for UNIX 1.17 and earlier
Cybertrust Japan Co., Ltd.
  • Asianux Server 2.0
  • Asianux Server 2.1
  • Asianux Server 3.0
Red Hat, Inc.
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 3 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 3 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Enterprise Linux 3 (ws)
  • Red Hat Enterprise Linux Desktop 3.0
  • Red Hat Linux Advanced Workstation 2.1

Impact

A remote attacker could execute arbitrary code.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

  • LHa for UNIX project
  • Cybertrust Japan Co., Ltd.
  • Red Hat, Inc.
CWE

CVE

  1. CVE-2004-0771
References

  1. National Vulnerability Database (NVD) : CVE-2004-0771
  2. SecurityFocus : 11093
  3. SecurityFocus : 10354
  4. ISS X-Force Database : 16196
Revision History

  • [2008/05/21]
      Web page published