ID CVE-2004-0235
Summary Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
References
Vulnerable Configurations
  • cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*
  • cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*
    cpe:2.3:a:redhat:lha:1.14i-9:*:i386:*:*:*:*:*
  • cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:stalker:cgpmcafee:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:tsugio_okamoto:lha:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:tsugio_okamoto:lha:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:tsugio_okamoto:lha:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
oval via4
  • accepted 2013-04-29T04:05:25.234-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
    family unix
    id oval:org.mitre.oval:def:10409
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
    version 29
  • accepted 2004-07-12T12:00:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
    family unix
    id oval:org.mitre.oval:def:978
    status accepted
    submitted 2004-06-10T12:00:00.000-04:00
    title Multiple Directory Traversal Vulnerabilities in LHA
    version 4
redhat via4
advisories
  • rhsa
    id RHSA-2004:178
  • rhsa
    id RHSA-2004:179
rpms
  • lha-0:1.14i-10.2
  • lha-debuginfo-0:1.14i-10.2
refmap via4
bid 10243
bugtraq 20040510 [Ulf Harnhammar]: LHA Advisory + Patch
conectiva CLA-2004:840
debian DSA-515
fedora
  • FEDORA-2004-119
  • FLSA:1833
fulldisc 20040501 LHa buffer overflows and directory traversal problems
gentoo GLSA-200405-02
xf lha-directory-traversal(16013)
Last major update 11-10-2017 - 01:29
Published 18-08-2004 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top