Test Kennung:	1.3.6.1.4.1.25623.1.0.52374
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: lha
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: lha CVE-2004-0694 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2004-0745 LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name. CVE-2004-0769 Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the 'x' option but also exploitable through 'l' and 'v', and fixed in header.c, a different issue than CVE-2004-0771. CVE-2004-0771 Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0694 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981 http://www.redhat.com/support/errata/RHSA-2004-323.html http://www.redhat.com/support/errata/RHSA-2004-440.html Common Vulnerability Exposure (CVE) ID: CVE-2004-0745 https://bugzilla.fedora.us/show_bug.cgi?id=1833 http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11088 XForce ISS Database: lha-metacharacter-command-execution(17198) https://exchange.xforce.ibmcloud.com/vulnerabilities/17198 Common Vulnerability Exposure (CVE) ID: CVE-2004-0769 Bugtraq: 20040616 Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re: (Google Search) http://marc.info/?l=bugtraq&m=108745217504379&w=2 http://lw.ftw.zamosc.pl/lha-exploit.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11047 XForce ISS Database: lha-long-pathname-bo(16917) https://exchange.xforce.ibmcloud.com/vulnerabilities/16917 Common Vulnerability Exposure (CVE) ID: CVE-2004-0771 BugTraq ID: 10354 http://www.securityfocus.com/bid/10354 Bugtraq: 20040515 lha buffer overflow(s) again (Google Search) http://www.securityfocus.com/archive/1/363418 Bugtraq: 20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several (Google Search) http://marc.info/?l=bugtraq&m=108668791510153 http://bugs.gentoo.org/show_bug.cgi?id=51285 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595 XForce ISS Database: lha-extractone-bo(16196) https://exchange.xforce.ibmcloud.com/vulnerabilities/16196
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.