PDA

Visualizza versione completa : LHA Multiple Vulnerabilities


Giorgius
03-09-2004, 12.26.00
Effetti:
Multiple vulnerabilities have been reported in LHA, which can be exploited by malicious people to compromise a user's system.

1) A vulnerability caused due to boundary errors in the parsing of archives can be exploited using a specially crafted archive to cause a buffer overflow when a user extracts or tests the archive.

Successful exploitation may allow execution of arbitrary code.

2) Some boundary errors in the parsing of command-line arguments can be exploited using a specially crafted command-line argument to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

3) A vulnerability caused due to insufficient validation of shell meta characters in directories can be exploited to inject arbitrary shell commands.

The vulnerabilities have been reported in version 1.14 and prior.


Info:
http://secunia.com/advisories/12435/

Giorgius
03-09-2004, 12.27.36
Effetti:
Red Hat has issued an update for LHA. This fixes some vulnerabilities, which can be exploited to compromise a user's system.

Info:
http://secunia.com/advisories/12437/