CVE-2004-0235 Information

Feb 14, 2021 cve

Description

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (//absolute/path).

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html http://marc.info/?l=bugtraq&m=108422737918885&w=2 http://security.gentoo.org/glsa/glsa-200405-02.xml http://www.debian.org/security/2004/dsa-515 http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html http://www.redhat.com/support/errata/RHSA-2004-178.html http://www.redhat.com/support/errata/RHSA-2004-179.html http://www.securityfocus.com/bid/10243 https://bugzilla.fedora.us/show_bug.cgi?id=1833 https://exchange.xforce.ibmcloud.com/vulnerabilities/16013 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10409 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A978

Share on: