CVE-2004-0235

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
http://marc.info/?l=bugtraq&m=108422737918885&w=2
http://security.gentoo.org/glsa/glsa-200405-02.xml
http://www.debian.org/security/2004/dsa-515
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
http://www.redhat.com/support/errata/RHSA-2004-178.html
http://www.redhat.com/support/errata/RHSA-2004-179.html
http://www.securityfocus.com/bid/10243	Exploit Patch Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=1833
https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
http://marc.info/?l=bugtraq&m=108422737918885&w=2
http://security.gentoo.org/glsa/glsa-200405-02.xml
http://www.debian.org/security/2004/dsa-515
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
http://www.redhat.com/support/errata/RHSA-2004-178.html
http://www.redhat.com/support/errata/RHSA-2004-179.html
http://www.securityfocus.com/bid/10243	Exploit Patch Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=1833
https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clearswift:mailsweeper:4.0:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.1:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.2:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.3:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.4:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.5:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.6:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.7:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.8:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.10:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.11:::::::*
	cpe:2.3:a:clearswift:mailsweeper:4.3.13:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.60::samba_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.21::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2003:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2003:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_personal_express:4.5:::::::*
	cpe:2.3:a:f-secure:f-secure_personal_express:4.6:::::::*
	cpe:2.3:a:f-secure:f-secure_personal_express:4.7:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:6.31:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:6.32:::::::*
	cpe:2.3:a:rarlab:winrar:3.20:::::::*
	cpe:2.3:a:redhat:lha:1.14i-9::i386:::::
	cpe:2.3:a:sgi:propack:2.4:::::::*
	cpe:2.3:a:sgi:propack:3.0:::::::*
	cpe:2.3:a:stalker:cgpmcafee:3.2:::::::*
	cpe:2.3:a:tsugio_okamoto:lha:1.14:::::::*
	cpe:2.3:a:tsugio_okamoto:lha:1.15:::::::*
	cpe:2.3:a:tsugio_okamoto:lha:1.17:::::::*
	cpe:2.3:a:winzip:winzip:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 -
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html -
References	~~() http://marc.info/?l=bugtraq&m=108422737918885&w=2 -~~	() http://marc.info/?l=bugtraq&m=108422737918885&w=2 -
References	~~() http://security.gentoo.org/glsa/glsa-200405-02.xml -~~	() http://security.gentoo.org/glsa/glsa-200405-02.xml -
References	~~() http://www.debian.org/security/2004/dsa-515 -~~	() http://www.debian.org/security/2004/dsa-515 -
References	~~() http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html -~~	() http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2004-178.html -~~	() http://www.redhat.com/support/errata/RHSA-2004-178.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2004-179.html -~~	() http://www.redhat.com/support/errata/RHSA-2004-179.html -
References	~~() http://www.securityfocus.com/bid/10243 - Exploit, Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/10243 - Exploit, Patch, Vendor Advisory
References	~~() https://bugzilla.fedora.us/show_bug.cgi?id=1833 -~~	() https://bugzilla.fedora.us/show_bug.cgi?id=1833 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/16013 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/16013 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978 -

Information

Published : 2004-08-18 04:00

Updated : 2024-11-20 23:48

NVD link : CVE-2004-0235

Mitre link : CVE-2004-0235

CVE.ORG link : CVE-2004-0235

JSON object : View

Products Affected

redhat

lha
fedora_core

f-secure

internet_gatekeeper
f-secure_anti-virus
f-secure_personal_express
f-secure_for_firewalls
f-secure_internet_security

winzip

winzip

clearswift

mailsweeper

tsugio_okamoto

stalker

cgpmcafee

rarlab

winrar

sgi

propack

CWE

NVD-CWE-Other

6.4 /10