CVE-2004-0234
Mailsweeper - Stack-based Buffer Overflow via Long Directory or File Names in LHA Archive
Title source: llmDescription
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
References (21)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015866
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5753
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10243
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1220
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19514
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5754
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-179.html
Various Sources x_refsource_misc
http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt
Issue Tracking vendor-advisory
x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1833
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-515
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108422737918885&w=2
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-02.xml
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-178.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16012
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html
Scores
EPSS: 0.0848
EPSS Percentile: 92.5%
Details
CWE: CWE-119
Status: published
Products (42)
clearswift/mailsweeper 4.0
clearswift/mailsweeper 4.1
clearswift/mailsweeper 4.2
clearswift/mailsweeper 4.3
clearswift/mailsweeper 4.3.3
clearswift/mailsweeper 4.3.4
clearswift/mailsweeper 4.3.5
clearswift/mailsweeper 4.3.6
clearswift/mailsweeper 4.3.6_sp1
clearswift/mailsweeper 4.3.7
... and 32 more
Published: Aug 18, 2004
Tracked Since: Feb 18, 2026