CVE Vulnerabilities

CVE-2004-0771

Published: Nov 23, 2004 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Affected Software

Name Vendor Start Version End Version
Lha Tsugio_okamoto 1.14 (including) 1.14 (including)
Lha Tsugio_okamoto 1.15 (including) 1.15 (including)
Lha Tsugio_okamoto 1.17 (including) 1.17 (including)
Red Hat Enterprise Linux 3 RedHat lha-0:1.14i-10.4 *
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 RedHat *
Red Hat Enterprise Linux ES version 2.1 RedHat *
Red Hat Enterprise Linux WS version 2.1 RedHat *
Red Hat Linux Advanced Workstation 2.1 RedHat *
Lha Ubuntu dapper *
Lha Ubuntu devel *
Lha Ubuntu edgy *
Lha Ubuntu feisty *

References