Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (//absolute/path).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mailsweeper | Clearswift | 4.0 (including) | 4.0 (including) |
Mailsweeper | Clearswift | 4.1 (including) | 4.1 (including) |
Mailsweeper | Clearswift | 4.2 (including) | 4.2 (including) |
Mailsweeper | Clearswift | 4.3 (including) | 4.3 (including) |
Mailsweeper | Clearswift | 4.3.3 (including) | 4.3.3 (including) |
Mailsweeper | Clearswift | 4.3.4 (including) | 4.3.4 (including) |
Mailsweeper | Clearswift | 4.3.5 (including) | 4.3.5 (including) |
Mailsweeper | Clearswift | 4.3.6 (including) | 4.3.6 (including) |
Mailsweeper | Clearswift | 4.3.6_sp1 (including) | 4.3.6_sp1 (including) |
Mailsweeper | Clearswift | 4.3.7 (including) | 4.3.7 (including) |
Mailsweeper | Clearswift | 4.3.8 (including) | 4.3.8 (including) |
Mailsweeper | Clearswift | 4.3.10 (including) | 4.3.10 (including) |
Mailsweeper | Clearswift | 4.3.11 (including) | 4.3.11 (including) |
Mailsweeper | Clearswift | 4.3.13 (including) | 4.3.13 (including) |
F-secure_anti-virus | F-secure | 4.51 (including) | 4.51 (including) |
F-secure_anti-virus | F-secure | 4.52 (including) | 4.52 (including) |
F-secure_anti-virus | F-secure | 4.60 (including) | 4.60 (including) |
F-secure_anti-virus | F-secure | 5.5 (including) | 5.5 (including) |
F-secure_anti-virus | F-secure | 5.41 (including) | 5.41 (including) |
F-secure_anti-virus | F-secure | 5.42 (including) | 5.42 (including) |
F-secure_anti-virus | F-secure | 5.52 (including) | 5.52 (including) |
F-secure_anti-virus | F-secure | 6.21 (including) | 6.21 (including) |
F-secure_anti-virus | F-secure | 2003 (including) | 2003 (including) |
F-secure_anti-virus | F-secure | 2004 (including) | 2004 (including) |
F-secure_for_firewalls | F-secure | 6.20 (including) | 6.20 (including) |
F-secure_internet_security | F-secure | 2003 (including) | 2003 (including) |
F-secure_internet_security | F-secure | 2004 (including) | 2004 (including) |
F-secure_personal_express | F-secure | 4.5 (including) | 4.5 (including) |
F-secure_personal_express | F-secure | 4.6 (including) | 4.6 (including) |
F-secure_personal_express | F-secure | 4.7 (including) | 4.7 (including) |
Internet_gatekeeper | F-secure | 6.31 (including) | 6.31 (including) |
Internet_gatekeeper | F-secure | 6.32 (including) | 6.32 (including) |
Winrar | Rarlab | 3.20 (including) | 3.20 (including) |
Lha | Redhat | 1.14i-9 (including) | 1.14i-9 (including) |
Propack | Sgi | 2.4 (including) | 2.4 (including) |
Propack | Sgi | 3.0 (including) | 3.0 (including) |
Cgpmcafee | Stalker | 3.2 (including) | 3.2 (including) |
Lha | Tsugio_okamoto | 1.14 (including) | 1.14 (including) |
Lha | Tsugio_okamoto | 1.15 (including) | 1.15 (including) |
Lha | Tsugio_okamoto | 1.17 (including) | 1.17 (including) |
Winzip | Winzip | 9.0 (including) | 9.0 (including) |
Red Hat Enterprise Linux 3 | RedHat | lha-0:1.14i-10.2 | * |
Red Hat Linux 9 | RedHat | * | |
Lha | Ubuntu | dapper | * |
Lha | Ubuntu | devel | * |
Lha | Ubuntu | edgy | * |
Lha | Ubuntu | feisty | * |