CVE-2004-0771
CVE-2004-0771
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24120unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.gentoo.org/show_bug.cgi?id=51285http://marc.info/?l=bugtraq&m=108668791510153https://bugzilla.fedora.us/show_bug.cgi?id=1833https://exchange.xforce.ibmcloud.com/vulnerabilities/16196https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595http://www.gentoo.org/security/en/glsa/glsa-200409-13.xmlhttp://www.redhat.com/support/errata/RHSA-2004-323.htmlhttp://www.redhat.com/support/errata/RHSA-2004-440.htmlhttp://www.securityfocus.com/archive/1/363418http://www.securityfocus.com/bid/10354