FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lha -- numerous vulnerabilities when extracting archives

Affected packages
		lha	<	1.14i_6

Details

VuXML ID	273cc1a3-0d6b-11d9-8a8a-000c41e2cdad
Discovery	2004-05-17
Entry	2004-09-23

Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha:

Buffer overflows when handling archives and filenames. (CVE-2004-0694)
Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745)
Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769)
Buffer overflow in the extract_one. (CVE-2004-0771)

References

Bugtraq ID	10354
CVE Name	CVE-2004-0694
CVE Name	CVE-2004-0745
CVE Name	CVE-2004-0769
CVE Name	CVE-2004-0771
Message	20040515110900.24784.qmail@www.securityfocus.com
Message	20040606162856.29866.qmail@www.securityfocus.com
URL	http://bugs.gentoo.org/show_bug.cgi?id=51285
URL	http://xforce.iss.net/xforce/xfdb/16196

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.