LHA is an archiving and compression utility for LHarc format archives. Ulf
Harnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. See this advisory+patch for more details.
CAN-2004-0234: An attacker could exploit the buffer overflows by creating a
carefully crafted LHA archive in such a way that arbitrary code would be
executed when the archive is tested or extracted by a victim.
CAN-2004-0235: An attacker could exploit the directory traversal issues to
create files as the victim outside of the expected directory.
Posted May 21, 2004 8:55 UTC (Fri) by gw666 (guest, #12326)
Hi everybody,
you might have noticed that there was no MandrakeSoft advisory for this issue. Lha is available as an unsupported contrib package, but it has been patched in the release 1.14i-10mdk available for Mandrakelinux Cooker and 10.0 Community.
LHA: stack buffer overflows and directory traversal flaws
Posted May 27, 2004 11:53 UTC (Thu) by kreutzm (subscriber, #4700)