Lhaplus LZH Archive Extended Header Processing Overflow

2006-07-31T09:04:02
ID OSVDB:27667
Type osvdb
Reporter Tan Chew Keong (chewkeong@vuln.sg)
Modified 2006-07-31T09:04:02

Description

Vulnerability Description

A local overflow exists in Lhaplus. Lhaplus fails to handle specially crafted LZH files, resulting in a heap overflow. With a specially crafted LZH file containing an "extended header size" in the file header set to 256 or more, an attacker can execute arbitrary commands, resulting in a loss of integrity and/or availability.
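A pre-extraction check for the condition described above, as an added example that is not part of the original entry or of Lhaplus. It assumes the commonly documented LHA level-1/level-2 header layout (the entry itself does not give one), inspects only the first archive member, does not validate checksums, and uses hypothetical function names.

```python
"""Flag LZH archives whose declared extended header size is 256 or more."""
LIMIT = 256  # threshold stated in this entry

def ext_header_sizes(buf: bytes) -> list[int]:
    """Return the declared size of each extended header of the first member."""
    if len(buf) < 26 or buf[2:4] != b"-l" or buf[6:7] != b"-":
        raise ValueError("not an LZH member header")
    level = buf[20]
    if level == 1:
        pos = buf[0] + 2   # base header length excludes its first two bytes
    elif level == 2:
        pos = 26           # fixed-size base header
    else:
        return []          # level 0 carries no extended headers
    # The 2-byte little-endian "next header size" always sits just before pos.
    size = int.from_bytes(buf[pos - 2:pos], "little")
    sizes = []
    while size:
        sizes.append(size)
        if size < 3 or pos + size > len(buf):
            break          # malformed or truncated chain: keep what was declared
        pos += size        # each extended header ends with the next size field
        size = int.from_bytes(buf[pos - 2:pos], "little")
    return sizes

def is_suspicious(buf: bytes) -> bool:
    """True when any declared extended header size reaches the threshold."""
    return any(s >= LIMIT for s in ext_header_sizes(buf))

def _level1(name: bytes, first_ext_size: int, ext: bytes = b"") -> bytes:
    """Build a constructed level-1 header (zeroed sizes, time, CRC, checksum)."""
    body = (b"-lh0-" + bytes(8) + bytes(4) + b"\x20\x01" + bytes([len(name)])
            + name + bytes(2) + b"M" + first_ext_size.to_bytes(2, "little"))
    return bytes([len(body), 0]) + body + ext

# Constructed samples: one 5-byte extended header (type 0x40, end of chain),
# and a header that only declares a 256-byte extended header with no data.
BENIGN = _level1(b"a.txt", 5, b"\x40\x20\x00\x00\x00")
OVERSIZED = _level1(b"a.txt", 256)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, ext_header_sizes(sample), is_suspicious(sample))
```

Legitimate archives with very long path names can also carry large extended headers, so a hit is a reason to quarantine the file for review rather than proof of an exploit attempt.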

Solution Description

Upgrade to version 1.53 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www7a.biglobe.ne.jp/~schezo/
Security Tracker: 1016615
Secunia Advisory ID: 21256
Other Advisory URL: http://vuln.sg/lhaplus152-en.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0769.html
ISS X-Force ID: 28102
FrSIRT Advisory: ADV-2006-3076
CVE-2006-4033
Bugtraq ID: 19263