Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 247599 - (CVE-2007-3375) CVE-2007-3375 lhaca issue might affect lha packages
CVE-2007-3375 lhaca issue might affect lha packages
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
reported=20070705,public=20070701,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-10 05:50 EDT by Mark J. Cox
Modified: 2007-07-10 09:36 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-10 09:36:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mark J. Cox 2007-07-10 05:50:20 EDT 
CERT notified us of a flaw in Lhaca LHA Extended Header handling, but on closer
look at the advisory this looks really similar to the code in header.c in lharc
as distributed in older RHEL releases.  

http://vuln.sg/lhaca121-en.html

We need to look through the lharc code for older RHEL to make sure it is not
vulnerable to this issue.

Marking this bug as private for now, as it isn't public that this might affect
lharc too.
Comment 2 Mark J. Cox 2007-07-10 09:36:30 EDT 
This is fixed in Red Hat packages by lha-114i-sec.patch.

Investigation showed that this was in fact the issue from 2004:
http://marc.info/?l=bugtraq&m=108422737918885&w=2  CVE-2004-0234

So LHACA appeared to be vulnerable to this issue due to shared codebase.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.