CVE-2004-0234
Date: (C)2004-08-18   (M)2023-12-22


Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1015866
BID-10243
SECUNIA-19514
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html
http://marc.info/?l=bugtraq&m=108422737918885&w=2
http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html
OSVDB-5753
OSVDB-5754
ADV-2006-1220
CLA-2004:840
DSA-515
FEDORA-2004-119
FLSA:1833
GLSA-200405-02
RHSA-2004:178
RHSA-2004:179
http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt
lha-multiple-bo(16012)
oval:org.mitre.oval:def:977
oval:org.mitre.oval:def:9881

CPE    3
cpe:/a:winzip:winzip:9.0
cpe:/a:sgi:propack:2.4
cpe:/a:sgi:propack:3.0
CWE    1
CWE-119

© SecPod Technologies