CVE-2004-0235

Mailsweeper - Directory Traversal via LHA Archive Filename Manipulation


Description

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

References (13)

Core References
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
Vendor Advisory vendor-advisory x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10243
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-179.html
Issue Tracking vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1833
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-515
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108422737918885&w=2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-02.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-178.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409

Scores

EPSS 0.1050
EPSS Percentile 93.3%

Details

Status published
Products (42)
clearswift/mailsweeper 4.0
clearswift/mailsweeper 4.1
clearswift/mailsweeper 4.2
clearswift/mailsweeper 4.3
clearswift/mailsweeper 4.3.3
clearswift/mailsweeper 4.3.4
clearswift/mailsweeper 4.3.5
clearswift/mailsweeper 4.3.6
clearswift/mailsweeper 4.3.6_sp1
clearswift/mailsweeper 4.3.7
... and 32 more
Published Aug 18, 2004
Tracked Since Feb 18, 2026