CVE-2004-0234

Description

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Affected products

• clearswift / mailsweeper4.3.4 – 4.3.4
• clearswift / mailsweeper4.3.5 – 4.3.5
• clearswift / mailsweeper4.3.6 – 4.3.6
• clearswift / mailsweeper4.3.6_sp1 – 4.3.6_sp1
• clearswift / mailsweeper4.3.7 – 4.3.7
• clearswift / mailsweeper4.3.8 – 4.3.8
• clearswift / mailsweeper4.3.10 – 4.3.10
• clearswift / mailsweeper4.3.11 – 4.3.11
• clearswift / mailsweeper4.3.13 – 4.3.13
• clearswift / mailsweeper4.0 – 4.0
• clearswift / mailsweeper4.1 – 4.1
• clearswift / mailsweeper4.2 – 4.2
• clearswift / mailsweeper4.3.3 – 4.3.3
• clearswift / mailsweeper4.3 – 4.3
• F-Secure / f-secure_anti-virus5.42 – 5.42
• F-Secure / f-secure_anti-virus5.52 – 5.52
• F-Secure / f-secure_anti-virus6.21 – 6.21
• F-Secure / f-secure_anti-virus2003 – 2003
• F-Secure / f-secure_anti-virus2004 – 2004
• F-Secure / f-secure_anti-virus4.51 – 4.51
• F-Secure / f-secure_anti-virus4.51 – 4.51
• F-Secure / f-secure_anti-virus4.51 – 4.51
• F-Secure / f-secure_anti-virus4.52 – 4.52
• F-Secure / f-secure_anti-virus4.52 – 4.52
• F-Secure / f-secure_anti-virus4.52 – 4.52
• F-Secure / f-secure_anti-virus4.60 – 4.60
• F-Secure / f-secure_anti-virus5.5 – 5.5
• F-Secure / f-secure_anti-virus5.41 – 5.41
• F-Secure / f-secure_anti-virus5.41 – 5.41
• F-Secure / f-secure_anti-virus5.41 – 5.41
• F-Secure / f-secure_anti-virus5.42 – 5.42
• F-Secure / f-secure_anti-virus5.42 – 5.42
• F-Secure / f-secure_for_firewalls6.20 – 6.20
• F-Secure / f-secure_internet_security2003 – 2003
• F-Secure / f-secure_internet_security2004 – 2004
• F-Secure / f-secure_personal_express4.5 – 4.5
• F-Secure / f-secure_personal_express4.6 – 4.6
• F-Secure / f-secure_personal_express4.7 – 4.7
• F-Secure / internet_gatekeeper6.31 – 6.31
• F-Secure / internet_gatekeeper6.32 – 6.32
• RARLAB / WinRAR3.20 – 3.20
• RedHat / fedora_corecore_1.0 – core_1.0
• RedHat / lha1.14i-9 – 1.14i-9
• sgi / propack3.0 – 3.0
• sgi / propack2.4 – 2.4
• stalker / cgpmcafee3.2 – 3.2
• tsugio_okamoto / lha1.14 – 1.14
• tsugio_okamoto / lha1.15 – 1.15
• tsugio_okamoto / lha1.17 – 1.17
• WinZip / WinZip9.0 – 9.0

References

• MISChttp://securitytracker.com/id?1015866
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
• MISChttp://www.osvdb.org/5753
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977
• MISChttp://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
• MISChttp://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html
• MISChttp://www.securityfocus.com/bid/10243
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1220
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/19514
• MISChttp://www.osvdb.org/5754
• MISChttp://www.redhat.com/support/errata/RHSA-2004-179.html
• MISChttp://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt
• MISChttps://bugzilla.fedora.us/show_bug.cgi?id=1833
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-515
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881
• MAILING_LISThttp://marc.info/?l=bugtraq&m=108422737918885&w=2
• MISChttp://security.gentoo.org/glsa/glsa-200405-02.xml
• MISChttp://www.redhat.com/support/errata/RHSA-2004-178.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16012
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html