Vulnerability CVE-2004-0235 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0235 (CCN-16013)

Assigned:

2004-04-30

Published:

2004-04-30

Updated:

2017-10-11

Summary:

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2004-0235

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:840

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:840
lha

Source: FULLDISC
Type: UNKNOWN
20040501 LHa buffer overflows and directory traversal problems

Source: BUGTRAQ
Type: UNKNOWN
20040510 [Ulf Harnhammar]: LHA Advisory + Patch

Source: CCN
Type: RHSA-2004-178
lha security update

Source: CCN
Type: RHSA-2004-179
An updated LHA package fixes security vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200405-02

Source: DEBIAN
Type: UNKNOWN
DSA-515

Source: DEBIAN
Type: DSA-515
lha -- several vulnerabilities

Source: CCN
Type: GLSA-200405-02
Multiple vulnerabilities in LHa

Source: FEDORA
Type: UNKNOWN
FEDORA-2004-119

Source: REDHAT
Type: UNKNOWN
RHSA-2004:178

Source: REDHAT
Type: UNKNOWN
RHSA-2004:179

Source: BID
Type: Exploit, Patch, Vendor Advisory
10243

Source: CCN
Type: BID-10243
Multiple LHA Buffer Overflow/Directory Traversal Vulnerabilities

Source: CCN
Type: slackware-security Mailing List, Tue, 4 May 2004 16:34:52 -0700 (PDT)
lha update in bin package (SSA:2004-125-01)

Source: FEDORA
Type: UNKNOWN
FLSA:1833

Source: XF
Type: UNKNOWN
lha-directory-traversal(16013)

Source: XF
Type: UNKNOWN
lha-directory-traversal(16013)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10409

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:978

Source: SUSE
Type: SUSE-SA:2004:010
Linux Kernel: privilege escalation local DoS

Source: SUSE
Type: SUSE-SA:2004:011
Live CD 9.1: remote root access

Vulnerable Configuration:

Configuration 1:

cpe:/a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*

OR cpe:/a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*

OR cpe:/a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*

OR cpe:/a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*

OR cpe:/a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*

OR cpe:/a:rarlab:winrar:3.20:*:*:*:*:*:*:*

OR cpe:/a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*

OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*

OR cpe:/a:sgi:propack:3.0:*:*:*:*:*:*:*

OR cpe:/a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*

OR cpe:/a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*

OR cpe:/a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*

OR cpe:/a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*

OR cpe:/a:winzip:winzip:9.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*

AND

cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040235	V	CVE-2004-0235	2015-11-16
oval:org.mitre.oval:def:10409	V	Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").	2013-04-29
oval:org.mitre.oval:def:978	V	Multiple Directory Traversal Vulnerabilities in LHA	2004-07-12
oval:org.debian:def:515	V	several vulnerabilities	2004-06-05
oval:com.redhat.rhsa:def:20040178	P	RHSA-2004:178: lha security update (Important)	2004-05-26