Vulnerability Name: CVE-2004-0771 (CCN-16196)
Assigned: 2004-05-15
Published: 2004-05-15
Updated: 2017-10-11
Summary: Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. Note: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: BugTraq Mailing List, Sat May 15 2004 - 06:09:00 CDT lha buffer overflow(s) again
Source: CCN Type: BugTraq Mailing List, Wed Jun 09 2004 - 20:11:17 CDT Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:
Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=51285
Source: MITRE Type: CNA CVE-2004-0771
Source: BUGTRAQ Type: UNKNOWN 20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several
Source: CCN Type: RHSA-2004-323 lha security update
Source: CCN Type: RHSA-2004-440 lha security update
Source: CCN Type: CIAC Information Bulletin 0-210 LHA Packages Buffer Overflow Vulnerability
Source: CCN Type: GLSA-200409-13 LHa: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200409-13
Source: REDHAT Type: UNKNOWN RHSA-2004:323
Source: REDHAT Type: UNKNOWN RHSA-2004:440
Source: BUGTRAQ Type: UNKNOWN 20040515 lha buffer overflow(s) again
Source: BID Type: Patch, Vendor Advisory 10354
Source: CCN Type: BID-10354 LHA Multiple extract_one Buffer Overflow Vulnerabilities
Source: CCN Type: BID-11093 LHA Multiple Code Execution Vulnerabilities
Source: FEDORA Type: UNKNOWN FLSA:1833
Source: XF Type: UNKNOWN lha-extractone-bo(16196)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9595
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration CCN 1: