| Revision Date: | 2004-07-12 | Version: | 3 |
| Title: | Multiple Directory Traversal Vulnerabilities in LHA |
| Description: | Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2004-0235
|
| Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| Software section Red Hat Enterprise 3 is installed
AND lha version is less than 1.14i-10.2
AND Configuration section
/usr/bin/lha is executable
/usr/bin/lha is executable
OR /usr/bin/lha is executable
OR /usr/bin/lha is executable
|