CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.934 High
Percentile: 99.1%
The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
LHA is an archive file format. LHA is used by the Lhaca compression utility.
A stack buffer overflow vulnerability exists in the Lhaca program. This vulnerability occurs due to insufficient bounds checking. Note that there are reports that this vulnerability is being publicly exploited.
A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Upgrade
The vendor has released Lhaca version 1.23 to address this issue. Users are encouraged to upgrade as soon as possible.
871497
Updated: July 06, 2007
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
See <http://park8.wakwak.com/~app/Lhaca/> for more details.
Notified: July 06, 2007 Updated: July 13, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 24, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: January 16, 2009
Statement Date: January 16, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 06, 2007 Updated: January 16, 2009
Statement Date: January 16, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 31, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 17, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 06, 2007 Updated: July 09, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 09, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 10, 2007
Not Affected
Not vulnerable, Red Hat do not ship the Lhaca file archiver.
Please note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release.
<http://rhn.redhat.com/errata/RHSA-2004-178.html>
We are not aware of further vendor information regarding this vulnerability.
Notified: July 06, 2007 Updated: July 06, 2007
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 06, 2007 Updated: July 06, 2007
Not Affected
TippingPoint IPS is not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 06, 2007 Updated: July 05, 2007
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 05, 2007 Updated: July 05, 2007
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Thanks to Lhaca, Symantec, and Vuln.sg for information that was used in this report.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-3375 |
---|---|
Severity Metric: | 4.02 |
Date Public: | |
64.233.179.104/translate_c?hl=en&u=http://park8.wakwak.com/~app/Lhaca/overflow.html&prev=/search%3Fq%3Dlhaca%26hl%3Den%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26hs%3DirC
en.wikipedia.org/wiki/LHA_(software)
oku.edu.mie-u.ac.jp/~okumura/compression/history.html
park8.wakwak.com/~app/Lhaca/
secunia.com/advisories/25826/
vuln.sg/lhaca121-en.html
www.securityfocus.com/bid/24604
www.symantec.com/enterprise/security_response/weblog/2007/06/beware_of_lzh.html