CVE-2004-0235
CVE-2004-0235
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.htmlhttp://marc.info/?l=bugtraq&m=108422737918885&w=2https://bugzilla.fedora.us/show_bug.cgi?id=1833http://security.gentoo.org/glsa/glsa-200405-02.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/16013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978http://www.debian.org/security/2004/dsa-515http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.htmlhttp://www.redhat.com/support/errata/RHSA-2004-178.htmlhttp://www.redhat.com/support/errata/RHSA-2004-179.html