Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 200405-02 ] Multiple vulnerabilities in LHa
Date: Sun, 09 May 2004 17:41:22
Message-Id: 409E6D00.5090008@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200405-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Multiple vulnerabilities in LHa
      Date: May 09, 2004
      Bugs: #49961
        ID: 200405-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two stack-based buffer overflows and two directory traversal problems
have been found in LHa. These vulnerabilities can be used to execute
arbitrary code or as a denial of service attack.

Background
==========

LHa is a console-based program for packing and unpacking LHarc
archives.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /   Vulnerable   /                       Unaffected
    -------------------------------------------------------------------
  1  app-arch/lha      <= 114i-r1                           >= 114i-r2

Description
===========

Ulf Harnhammar found two stack overflows and two directory traversal
vulnerabilities in LHa versions 1.14 and 1.17. A stack overflow occurs
when testing or extracting archives containing long file or directory
names. Furthermore, LHa doesn't contain sufficient protection against
relative or absolute archive paths.

Impact
======

The stack overflows can be exploited to execute arbitrary code with the
rights of the user testing or extracting the archive. The directory
traversal vulnerabilities can be used to overwrite files in the
filesystem with the rights of the user extracting the archive,
potentially leading to denial of service or privilege escalation. Since
LHa is often interfaced to other software like an email virus scanner,
this attack can be used remotely.

Workaround
==========

There is no known workaround at this time. All users are advised to
upgrade to the latest available version of LHa.

Resolution
==========

All users of LHa should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=app-arch/lha-114i-r2"
    # emerge ">=app-arch/lha-114i-r2"

References
==========

  [ 1 ] CAN-2004-0234
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234
  [ 2 ] CAN-2004-0235
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200405-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or, alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAnm0AvcL1obalX08RAmW1AKCMX56LupqZSWbF/FfwJcjM0aYVZQCaAtiP
CwZqDSOo0VdmZWufjjM40co=
=+FA1
-----END PGP SIGNATURE-----
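
The Description names two bug classes: long file or directory names overflowing the stack, and missing protection against relative or absolute archive paths. The following is an added example, not LHa's code and not the fix shipped in 114i-r2: a hypothetical helper, check_member_name, showing the checks an extractor can apply to a header-supplied name before using it. It assumes names are already normalized to '/' separators and does not deal with symlinks.

```c
/* Added example: hypothetical helper, not LHa's code or the Gentoo patch. */
#include <stdio.h>
#include <string.h>

enum { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2,
       NAME_ABSOLUTE = -3, NAME_TRAVERSAL = -4 };

/* Validate an archive member name taken from an untrusted header and copy
 * it into out (capacity outsz). Nothing is written unless all checks pass. */
int check_member_name(const char *name, char *out, size_t outsz)
{
    size_t len, i, start;
    if (name == NULL || out == NULL || outsz == 0 || name[0] == '\0')
        return NAME_EMPTY;

    /* Length check before any copy into the fixed-size destination. */
    len = strlen(name);
    if (len >= outsz)
        return NAME_TOO_LONG;

    /* Absolute paths escape the extraction directory outright. */
    if (name[0] == '/')
        return NAME_ABSOLUTE;

    /* Reject any path component that is exactly "..". */
    for (start = 0, i = 0; i <= len; i++) {
        if (name[i] == '/' || name[i] == '\0') {
            if (i - start == 2 && name[start] == '.' && name[start + 1] == '.')
                return NAME_TRAVERSAL;
            start = i + 1;
        }
    }

    memcpy(out, name, len + 1);   /* len + 1 <= outsz, includes the NUL */
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names, as they might appear in archive headers. */
    const char *samples[] = { "docs/readme.txt", "/etc/passwd",
                              "../../.bashrc", "a/../../b", "..hidden/x" };
    char buf[64];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %d\n", samples[i],
               check_member_name(samples[i], buf, sizeof buf));
    return 0;
}
```

A name such as "..hidden/x" is accepted because only a component that is exactly ".." climbs out of the extraction directory.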