Bug 121417 - CAN-2004-0234/0235 lha security flaws
CAN-2004-0234/0235 lha security flaws
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: lha (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-04-21 07:40 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-26 03:46:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-04-21 07:40:37 EDT
Ulf Härnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA.  An attacker could exploit the buffer
overflows by creating a carefully crafted LHA archive in such a way
that arbitrary code would be executed when the archive is tested or
extracted by a victim.  CAN-2004-0234.  An attacker could exploit the
directory traversal issues to create files as the victim outside of
the expected directory.  CAN-2004-0235.

This issue is embargoed until April 29th 2004.         

CAN-2004-0234/5 Affects: 3AS 3ES 3WS

CAN-2004-0234/5 Affects: 2.1AS 2.1AW 2.1ES 2.1WS (1.00 of lha, not yet
Comment 1 Mark J. Cox (Product Security) 2004-05-02 06:50:30 EDT
removing embargo
Comment 2 Leonard den Ottolander 2004-05-11 08:00:36 EDT
Mark, why don't you propagate these bugs to Fedora Core as well? I've
been mentioning this before, obviously without result.

If you are not responsible for Fedora Core security, then who is?
Comment 3 Mark J. Cox (Product Security) 2004-05-11 08:06:07 EDT
Yes; I opened about 10 security bugs into FC1 and FC2 earlier today
for tracking and updated our process document so we do so in the
future.  I didn't open one for lha since 1.14i-12.1 was built into
10-updates-candidate on May05 and will be available very soon.
Comment 4 Leonard den Ottolander 2004-05-11 08:17:29 EDT
Not opening a bug report because an update will be available soon is
not very transparent. Had I seen one I wouldn't have opened bug 123019...
Comment 5 Mark J. Cox (Product Security) 2004-05-26 03:46:03 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.