Description
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Lukasz Wojtow · perl · remote · linux
https://www.exploit-db.com/exploits/24120
References (10)
Scores
EPSS: 0.3795
EPSS Percentile: 97.2%
Details
Status: published
Products (3)
tsugio_okamoto/lha 1.14
tsugio_okamoto/lha 1.15
tsugio_okamoto/lha 1.17
Published: Nov 23, 2004
Tracked Since: Feb 18, 2026