LHA directory traversal
| lha-directory-traversal (16013) |  Medium Risk |
Description:
LHA could allow a remote attacker to traverse directories on the system. A remote attacker could send a specially-crafted filename or directory name to LHA to traverse directories and view arbitrary files on the system.
Consequences:
File Manipulation
Remedy:
For Red Hat Linux 9:
Upgrade to the latest version of LHA (1.14i-9.1 or later), as listed in RHSA-2004:179-03. See References.
For Red Hat Linux:
Upgrade to the latest LHA package, as listed below. Refer to RHSA-2004:178-01 for more information. See References.
Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 1.00-17.2 or later
Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 1.14i-10.2.x86_64 or later
For Conectiva Linux:
Upgrade to the latest lha package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:840 for more information. See References.
Conectiva Linux 8: 1.14i-2U80_1cl or later
Conectiva Linux 9: 1.14i-8382U90_1cl or later
For Slackware Linux:
Upgrade to the latest bin package, as listed below. Refer to slackware-security Mailing List, Tue, 4 May 2004 16:34:52 -0700 (PDT) for more information. See References.
Slackware Linux 8.1: 8.3.0-i386-32 or later
Slackware Linux 9.0: 8.5.0-i386-2 or later
Slackware Linux 9.1: 8.5.0-i486-2 or later
Slackware Linux -current: 9.0.0-i486-2 or later
For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest lha package (1.14i-2woody1 or later), as listed in DSA-515-1. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Conectiva Linux Security Announcement CLSA-2004:840: lha.
- slackware-security Mailing List, Tue, 4 May 2004 16:34:52 -0700 (PDT): lha update in bin package (SSA:2004-125-01).
- BID-10243: Multiple LHA Buffer Overflow/Directory Traversal Vulnerabilities
- CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (//absolute/path).
- DSA-515: lha -- several vulnerabilities
- GLSA-200405-02: Multiple vulnerabilities in LHa
- RHSA-2004-178: lha security update
- RHSA-2004-179: An updated LHA package fixes security vulnerabilities
- SUSE-SA:2004:010: Linux Kernel: privilege escalation local DoS
- SUSE-SA:2004:011: Live CD 9.1: remote root access
Platforms Affected:
- Conectiva Linux 8.0
- Conectiva Linux 9.0
- Debian Debian Linux 3.0
- Gentoo Linux
- Novell SuSE Linux Enterprise Server 7.0
- Novell UnitedLinux 1.0
- RedHat Enterprise Linux 2.1 ES
- RedHat Enterprise Linux 2.1 AS
- RedHat Enterprise Linux 2.1 WS
- RedHat Enterprise Linux 2.1 AW
- RedHat Enterprise Linux 3 WS
- RedHat Enterprise Linux 3 ES
- RedHat Enterprise Linux 3 Desktop
- RedHat Enterprise Linux 3 AS
- RedHat Linux 9.0
- RedHat Linux Advanced Workstation 2.1 Itanium
- Slackware Slackware Linux 8.1
- Slackware Slackware Linux 9.0
- Slackware Slackware Linux 9.1
- Slackware Slackware Linux current
- SUSE SuSE Linux 8.1
- SUSE SuSE Linux 9.0
- SUSE SuSE Linux 9.1
- SuSE SuSE Linux Connectivity Server
- SuSE SuSE Linux Database Server
- SuSE SuSE Linux Desktop 1.0
- SuSE SuSE Linux Office Server
- Tsugio Okamoto LHA
Reported:
Apr 30, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net