FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 273cc1a3-0d6b-11d9-8a8a-000c41e2cdad
Description: lha -- numerous vulnerabilities when extracting archives

Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha:

  • Buffer overflows when handling archives and filenames. (CVE-2004-0694)
  • Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745)
  • Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769)
  • Buffer overflow in the extract_one function. (CVE-2004-0771)

Discovery: 2004-05-17
Entry: 2004-09-23
lha < 1.14i_6

CVE-2004-0694
CVE-2004-0745
CVE-2004-0769
CVE-2004-0771
http://marc.theaimsgroup.com/?l=bugtraq&m=108464470103227
http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153
http://bugs.gentoo.org/show_bug.cgi?id=51285
http://xforce.iss.net/xforce/xfdb/16196
10354
VuXML ID: a2ffb627-9c53-11d8-9366-0020ed76ef5a
Description: lha buffer overflows and path traversal issues

Ulf Härnhammar discovered several vulnerabilities in the path name handling code of LHa for UNIX. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that might handle archives, such as virus scanning processes.

Discovery: 2004-04-29
Entry: 2004-05-02
Modified: 2004-05-03
lha < 1.14i_4

CVE-2004-0234
CVE-2004-0235