All the vulnerabilities related to LHa for UNIX project - LHa for UNIX
jvndb-2004-000170
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity
6.4 (Medium) - CVSS 2.0 Base - AV:N/AC:L/Au:N/C:P/I:P/A:N
Summary
Lha Directory Traversal Vulnerability in Testing and Extracting Process
Details
LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000170",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235",
      "@id": "CVE-2004-0235",
      "@source": "NVD"
    },
    {
      "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978",
      "@id": "978",
      "@source": "OVAL"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10243",
      "@id": "10243",
      "@source": "BID"
    },
    {
      "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
      "@id": "LHA Advisory + Patch",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16013",
      "@id": "16013",
      "@source": "XF"
    }
  ],
  "title": "Lha Directory Traversal Vulnerability in Testing and Extracting Process"
}

jvndb-2004-000197
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity
10.0 (High) - CVSS 2.0 Base - AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
LHA extract_one Buffer Overflow Vulnerability
Details
LHA lhext.c contains a buffer overflow vulnerability in the extract_one function, which stems from improper handling of a 'w' option argument.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000197.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHA lhext.c contains a buffer overflow vulnerability with the extract_one funcation, which stems from improper handling of a \u0027w\u0027 option argument.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000197.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000197",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0771",
      "@id": "CVE-2004-0771",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0771",
      "@id": "CVE-2004-0771",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/11093",
      "@id": "11093",
      "@source": "BID"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10354",
      "@id": "10354",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16196",
      "@id": "16196",
      "@source": "XF"
    }
  ],
  "title": "LHA extrace_one Vuffer Overflow Vulnerability"
}

jvndb-2004-000195
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity
10.0 (High) - CVSS 2.0 Base - AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
Details
LHA is vulnerable to arbitrary command execution due to improper handling of directory names containing shell metacharacters.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000195.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000195.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000195",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0745",
      "@id": "CVE-2004-0745",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0745",
      "@id": "CVE-2004-0745",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/11093",
      "@id": "11093",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/17198",
      "@id": "17198",
      "@source": "XF"
    }
  ],
  "title": "LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name"
}

jvndb-2004-000196
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity
10.0 (High) - CVSS 2.0 Base - AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
LHA Buffer Overflow Vulnerability with lack of Path Length Validation
Details
LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000196.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000196.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000196",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0769",
      "@id": "CVE-2004-0769",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0769",
      "@id": "CVE-2004-0769",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/11093",
      "@id": "11093",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16917",
      "@id": "16917",
      "@source": "XF"
    }
  ],
  "title": "LHA Buffer Overflow Vulnerability with lack of Path Length Validation"
}

jvndb-2004-000169
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity
10.0 (High) - CVSS 2.0 Base - AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
LHa Buffer Overflow Vulnerability in Testing and Extracting Process
Details
LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:lha_for_unix_project:lha_for_unix",
      "@product": "LHa for UNIX",
      "@vendor": "LHa for UNIX project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux",
      "@product": "Red Hat Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000169",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234",
      "@id": "CVE-2004-0234",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0234",
      "@id": "CVE-2004-0234",
      "@source": "NVD"
    },
    {
      "#text": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977",
      "@id": "977",
      "@source": "OVAL"
    },
    {
      "#text": "http://www.securityfocus.com/bid/10243",
      "@id": "10243",
      "@source": "BID"
    },
    {
      "#text": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2",
      "@id": "LHA Advisory + Patch",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/16012",
      "@id": "16012",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1015866",
      "@id": "1015866",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/1220",
      "@id": "FrSIRT/ADV-2006-1220",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://osvdb.org/5753",
      "@id": "5753",
      "@source": "OSVDB"
    },
    {
      "#text": "http://osvdb.org/5754",
      "@id": "5754",
      "@source": "OSVDB"
    }
  ],
  "title": "LHa Vuffer Overflow Vulnerability in Testing and Extracting Process"
}