Vulnerability CVE-2004-0769

Vulnerability Name:

CVE-2004-0769 (CCN-16917)

Assigned:

2004-05-15

Published:

2004-05-15

Updated:

2017-10-11

Summary:

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Tue Jun 15 2004 - 19:57:51 CDT
Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:

Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=51285

Source: MITRE
Type: CNA
CVE-2004-0769

Source: MISC
Type: UNKNOWN
http://lw.ftw.zamosc.pl/lha-exploit.txt

Source: BUGTRAQ
Type: UNKNOWN
20040616 Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:

Source: CCN
Type: RHSA-2004-323
lha security update

Source: CCN
Type: RHSA-2004-440
lha security update

Source: CCN
Type: CIAC Information Bulletin 0-210
LHA Packages Buffer Overflow Vulnerability

Source: CCN
Type: GLSA-200409-13
LHa: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200409-13

Source: REDHAT
Type: UNKNOWN
RHSA-2004:323

Source: REDHAT
Type: UNKNOWN
RHSA-2004:440

Source: CCN
Type: BID-11093
LHA Multiple Code Execution Vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA:1833

Source: XF
Type: UNKNOWN
lha-long-pathname-bo(16917)

Source: XF
Type: UNKNOWN
lha-long-pathname-bo(16917)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11047

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:bugzilla:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:11047	V	Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.	2013-04-29
oval:com.redhat.rhsa:def:20040323	P	RHSA-2004:323: lha security update (Important)	2004-09-01

BACK