LHA get_header Directory Name Overflow

2004-04-30T16:09:06
ID OSVDB:5754
Type osvdb
Reporter Ulf Härnhammar(Ulf.Harnhammar.9485@student.uu.se)
Modified 2004-04-30T16:09:06

Description

Vulnerability Description

A remote overflow exists in LHA. The get_header() function fails to perform proper bounds checking resulting in a buffer overflow. By sending a LHA archive with a overly long directory name, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. Consult your vendor for an appropriate patch.

On June 06, 2004, Lukasz Wojtow demonstrated that the initial patch did not mitigate this vulnerability. Ensure you have the latest vendor patch available.

Short Description

A remote overflow exists in LHA. The get_header() function fails to perform proper bounds checking resulting in a buffer overflow. By sending a LHA archive with a overly long directory name, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11510 Secunia Advisory ID:11779 Related OSVDB ID: 5753 Related OSVDB ID: 5755 RedHat RHSA: RHSA-2004:178-09 Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-May/020776.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0142.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0104.html ISS X-Force ID: 16012 Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/overflow.lha.uuc.gz CVE-2004-0234 Bugtraq ID: 10243