Test ID:	1.3.6.1.4.1.25623.1.0.53932
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2004-125-01)
Summary:	The remote host is missing an update for the 'lha' package(s) announced via the SSA:2004-125-01 advisory.
Description:	Summary: The remote host is missing an update for the 'lha' package(s) announced via the SSA:2004-125-01 advisory. Vulnerability Insight: New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Tue May 4 13:11:26 PDT 2004 patches/packages/bin-8.5.0-i486-2.tgz: Fixed buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. For more details, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'lha' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0234 BugTraq ID: 10243 http://www.securityfocus.com/bid/10243 Bugtraq: 20040510 [Ulf Harnhammar]: LHA Advisory + Patch (Google Search) http://marc.info/?l=bugtraq&m=108422737918885&w=2 Bugtraq: 20060403 Barracuda LHA archiver security bug leads to remote compromise (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html Conectiva Linux advisory: CLA-2004:840 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 Debian Security Information: DSA-515 (Google Search) http://www.debian.org/security/2004/dsa-515 http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html https://bugzilla.fedora.us/show_bug.cgi?id=1833 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html http://security.gentoo.org/glsa/glsa-200405-02.xml http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt http://www.osvdb.org/5753 http://www.osvdb.org/5754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881 http://www.redhat.com/support/errata/RHSA-2004-178.html http://www.redhat.com/support/errata/RHSA-2004-179.html http://securitytracker.com/id?1015866 http://secunia.com/advisories/19514 http://www.vupen.com/english/advisories/2006/1220 XForce ISS Database: lha-multiple-bo(16012) https://exchange.xforce.ibmcloud.com/vulnerabilities/16012 Common Vulnerability Exposure (CVE) ID: CVE-2004-0235 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978 XForce ISS Database: lha-directory-traversal(16013) https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.