CVE-2004-0234

Current Description

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Basic Data

PublishedAugust 18, 2004
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationClearswiftMailsweeper4.0*******
    2.3ApplicationClearswiftMailsweeper4.1*******
    2.3ApplicationClearswiftMailsweeper4.2*******
    2.3ApplicationClearswiftMailsweeper4.3*******
    2.3ApplicationClearswiftMailsweeper4.3.3*******
    2.3ApplicationClearswiftMailsweeper4.3.4*******
    2.3ApplicationClearswiftMailsweeper4.3.5*******
    2.3ApplicationClearswiftMailsweeper4.3.6*******
    2.3ApplicationClearswiftMailsweeper4.3.6_sp1*******
    2.3ApplicationClearswiftMailsweeper4.3.7*******
    2.3ApplicationClearswiftMailsweeper4.3.8*******
    2.3ApplicationClearswiftMailsweeper4.3.10*******
    2.3ApplicationClearswiftMailsweeper4.3.11*******
    2.3ApplicationClearswiftMailsweeper4.3.13*******
    2.3ApplicationF-secureF-secure Anti-virus4.51*linux_gateways*****
    2.3ApplicationF-secureF-secure Anti-virus4.51*linux_servers*****
    2.3ApplicationF-secureF-secure Anti-virus4.51*linux_workstations*****
    2.3ApplicationF-secureF-secure Anti-virus4.52*linux_gateways*****
    2.3ApplicationF-secureF-secure Anti-virus4.52*linux_servers*****
    2.3ApplicationF-secureF-secure Anti-virus4.52*linux_workstations*****
    2.3ApplicationF-secureF-secure Anti-virus4.60*samba_servers*****
    2.3ApplicationF-secureF-secure Anti-virus5.5*client_security*****
    2.3ApplicationF-secureF-secure Anti-virus5.41*mimesweeper*****
    2.3ApplicationF-secureF-secure Anti-virus5.41*windows_servers*****
    2.3ApplicationF-secureF-secure Anti-virus5.41*workstations*****
    2.3ApplicationF-secureF-secure Anti-virus5.42*mimesweeper*****
    2.3ApplicationF-secureF-secure Anti-virus5.42*windows_servers*****
    2.3ApplicationF-secureF-secure Anti-virus5.42*workstations*****
    2.3ApplicationF-secureF-secure Anti-virus5.52*client_security*****
    2.3ApplicationF-secureF-secure Anti-virus6.21*ms_exchange*****
    2.3ApplicationF-secureF-secure Anti-virus2003*******
    2.3ApplicationF-secureF-secure Anti-virus2004*******
    2.3ApplicationF-secureF-secure For Firewalls6.20*******
    2.3ApplicationF-secureF-secure Internet Security2003*******
    2.3ApplicationF-secureF-secure Internet Security2004*******
    2.3ApplicationF-secureF-secure Personal Express4.5*******
    2.3ApplicationF-secureF-secure Personal Express4.6*******
    2.3ApplicationF-secureF-secure Personal Express4.7*******
    2.3ApplicationF-secureInternet Gatekeeper6.31*******
    2.3ApplicationF-secureInternet Gatekeeper6.32*******
    2.3ApplicationRarlabWinrar3.20*******
    2.3ApplicationRedhatLha1.14i-9*i386*****
    2.3ApplicationSgiPropack2.4*******
    2.3ApplicationSgiPropack3.0*******
    2.3ApplicationStalkerCgpmcafee3.2*******
    2.3ApplicationTsugio OkamotoLha1.14*******
    2.3ApplicationTsugio OkamotoLha1.15*******
    2.3ApplicationTsugio OkamotoLha1.17*******
    2.3ApplicationWinzipWinzip9.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatFedora Corecore_1.0*******

Vulnerable Software List

VendorProductVersions
Tsugio Okamoto Lha 1.14, 1.15, 1.17
Rarlab Winrar 3.20
Clearswift Mailsweeper 4.0, 4.1, 4.2, 4.3, 4.3.10, 4.3.11, 4.3.13, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.6_sp1, 4.3.7, 4.3.8
F-secure F-secure Anti-virus 2003, 2004, 4.51, 4.52, 4.60, 5.41, 5.42, 5.5, 5.52, 6.21
F-secure F-secure For Firewalls 6.20
F-secure F-secure Internet Security 2003, 2004
F-secure F-secure Personal Express 4.5, 4.6, 4.7
F-secure Internet Gatekeeper 6.31, 6.32
Redhat Lha 1.14i-9
Redhat Fedora Core core_1.0
Sgi Propack 2.4, 3.0
Winzip Winzip 9.0
Stalker Cgpmcafee 3.2

References

NameSourceURLTags
20060403 Barracuda LHA archiver security bug leads to remote compromisehttp://archives.neohapsis.com/archives/bugtraq/2006-04/0059.htmlBUGTRAQ
CLA-2004:840http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840CONECTIVA
20040501 LHa buffer overflows and directory traversal problemshttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.htmlFULLDISC
20040502 Lha local stack overflow Proof Of Concept Codehttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.htmlFULLDISC
20040510 [Ulf Harnhammar]: LHA Advisory + Patchhttp://marc.info/?l=bugtraq&m=108422737918885&w=2BUGTRAQ
19514http://secunia.com/advisories/19514SECUNIAVendor Advisory
GLSA-200405-02http://security.gentoo.org/glsa/glsa-200405-02.xmlGENTOO
1015866http://securitytracker.com/id?1015866SECTRACK
DSA-515http://www.debian.org/security/2004/dsa-515DEBIAN
http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txthttp://www.guay-leroux.com/projects/barracuda-advisory-LHA.txtMISC
5753http://www.osvdb.org/5753OSVDB
5754http://www.osvdb.org/5754OSVDB
FEDORA-2004-119http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.htmlFEDORA
RHSA-2004:178http://www.redhat.com/support/errata/RHSA-2004-178.htmlREDHAT
RHSA-2004:179http://www.redhat.com/support/errata/RHSA-2004-179.htmlREDHAT
10243http://www.securityfocus.com/bid/10243BIDExploit PATCH Vendor Advisory
ADV-2006-1220http://www.vupen.com/english/advisories/2006/1220VUPENVendor Advisory
FLSA:1833https://bugzilla.fedora.us/show_bug.cgi?id=1833FEDORA
lha-multiple-bo(16012)https://exchange.xforce.ibmcloud.com/vulnerabilities/16012XF
oval:org.mitre.oval:def:977https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977OVAL
oval:org.mitre.oval:def:9881https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881OVAL