(Fedora Issues Fix) lha Buffer Overflows Let Remote Users Create Malicious Archives to Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > lha

Vendors: [Multiple Authors/Vendors]

(Fedora Issues Fix) lha Buffer Overflows Let Remote Users Create Malicious Archives to Execute Arbitrary Code

SecurityTracker Alert ID: 1010196

SecurityTracker URL: http://securitytracker.com/id/1010196

CVE Reference: CAN-2004-0234, CAN-2004-0235 (Links to External Site)

Date: May 18 2004

Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 1.14i-12.1

Description: Several vulnerabilities were reported in the 'lha' LHarc archive processor. A remote user can create a malicious archive that will execute arbitrary code or write files to other directories on the system.

Red Hat reported that there are two stack buffer overflows and two directory traversal flaws in LHA.

A remote user can create a specially crafted LHA archive that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can also create a specially crafted LHA archive that, when expanded by the target user, will create files on the target user's system in a location outside of the current directory.

Ulf Harnhammar is credited with discovering these flaws.

Impact: A remote user can create an archive that, when processed by a target user, will execute arbitrary code on the target user's system with the privileges of the target user or will create files on the target user's system that are located outside of the expected directory.

Solution: Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

298cc75d90f489e4b71432bfb349162b SRPMS/lha-1.14i-12.1.src.rpm
57238f4d4ec1779fb54c8e36433f9351 i386/lha-1.14i-12.1.i386.rpm
242bf89b6fdc64405e4d9d33a1720934
i386/debug/lha-debuginfo-1.14i-12.1.i386.rpm
2aac21d1d3cc6b1c70d71e275c8f477c x86_64/lha-1.14i-12.1.x86_64.rpm
f00e196233a73f4093856ecd29b921d4
x86_64/debug/lha-debuginfo-1.14i-12.1.x86_64.rpm

Cause: Access control error, Boundary error, Input validation error

Underlying OS: Linux (Red Hat Fedora)

Message History: This archive entry is a follow-up to the message listed below.

lha Buffer Overflows Let Remote Users Create Malicious Archives to Execute Arbitrary Code

Source Message Contents

Date: Tue, 11 May 2004 17:05:40 +0200
Subject: [SECURITY] Fedora Core 1 Update: lha-1.14i-12.1


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-119
2004-05-11
---------------------------------------------------------------------

Name        : lha
Version     : 1.14i
Release     : 12.1
Summary     : An archiving and compression utility for LHarc format 
archives.
Description :
LHA is an archiving and compression utility for LHarc format archives.
LHA is mostly used in the DOS world, but can be used under Linux to
extract DOS files from LHA archives.

Install the lha package if you need to extract DOS files from LHA archives.

---------------------------------------------------------------------
Update Information:

Ulf Härnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. An attacker could exploit the buffer
overflows by creating a carefully crafted LHA archive in such a way
that arbitrary code would be executed when the archive is tested or
extracted by a victim. CAN-2004-0234. An attacker could exploit the
directory traversal issues to create files as the victim outside of
the expected directory. CAN-2004-0235.

---------------------------------------------------------------------
* Wed May 05 2004 Than Ngo <than@redhat.com> 1.14i-12.1

- fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

298cc75d90f489e4b71432bfb349162b  SRPMS/lha-1.14i-12.1.src.rpm
57238f4d4ec1779fb54c8e36433f9351  i386/lha-1.14i-12.1.i386.rpm
242bf89b6fdc64405e4d9d33a1720934  
i386/debug/lha-debuginfo-1.14i-12.1.i386.rpm
2aac21d1d3cc6b1c70d71e275c8f477c  x86_64/lha-1.14i-12.1.x86_64.rpm
f00e196233a73f4093856ecd29b921d4  
x86_64/debug/lha-debuginfo-1.14i-12.1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC