ID de Prueba:	1.3.6.1.4.1.25623.1.0.51139
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:178
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:178. LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0234 to this issue. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0235 to this issue. Users of LHA should update to this updated package which contains backported patches not vulnerable to these issues. Red Hat would like to thank Ulf Harnhammar for disclosing and providing test cases and patches for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-178.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0234 BugTraq ID: 10243 http://www.securityfocus.com/bid/10243 Bugtraq: 20040510 [Ulf Harnhammar]: LHA Advisory + Patch (Google Search) http://marc.info/?l=bugtraq&m=108422737918885&w=2 Bugtraq: 20060403 Barracuda LHA archiver security bug leads to remote compromise (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html Conectiva Linux advisory: CLA-2004:840 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 Debian Security Information: DSA-515 (Google Search) http://www.debian.org/security/2004/dsa-515 http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html https://bugzilla.fedora.us/show_bug.cgi?id=1833 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html http://security.gentoo.org/glsa/glsa-200405-02.xml http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt http://www.osvdb.org/5753 http://www.osvdb.org/5754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881 http://www.redhat.com/support/errata/RHSA-2004-178.html http://www.redhat.com/support/errata/RHSA-2004-179.html http://securitytracker.com/id?1015866 http://secunia.com/advisories/19514 http://www.vupen.com/english/advisories/2006/1220 XForce ISS Database: lha-multiple-bo(16012) https://exchange.xforce.ibmcloud.com/vulnerabilities/16012 Common Vulnerability Exposure (CVE) ID: CVE-2004-0235 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978 XForce ISS Database: lha-directory-traversal(16013) https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.