CVE-2004-0234 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0234
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0234

Description: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16012 ST 1015866 SAID Secunia Advisory: SA19514 REDHAT http://www.redhat.com/support/errata/RHSA-2004-178.html http://www.redhat.com/support/errata/RHSA-2004-179.html OVAL http://oval.mitre.org/oval/definitions/data/oval977.html OSVDB 5754 5753 MISC http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt GENTOO http://security.gentoo.org/glsa/glsa-200405-02.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html FEDORA http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html DEBIAN http://www.debian.org/security/2004/dsa-515 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html http://marc.theaimsgroup.com/?l=bugtraq&m=108422737918885&w=2 BID 10243

Return to the previous page.