RHEL 3 : lha (RHSA-2004:323)

critical Nessus Plugin ID 14625

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated lha package that fixes a buffer overflow is now available.

LHA is an archiving and compression utility for LHarc format archives.

Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0769 to this issue.

Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14. If a malicious user could trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0771 and CVE-2004-0694 to these issues.

Thomas Biege discovered a shell meta character command execution vulnerability in all versions of lha up to and including 1.14. An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0745 to this issue.

Users of lha should update to this updated package which contains backported patches and is not vulnerable to these issues.

Solution

Update the affected lha package.

See Also

https://access.redhat.com/security/cve/cve-2004-0694

https://access.redhat.com/security/cve/cve-2004-0745

https://access.redhat.com/security/cve/cve-2004-0769

https://access.redhat.com/security/cve/cve-2004-0771

https://marc.info/?l=bugtraq&m=108668791510153

http://www.nessus.org/u?79f10c0b

https://access.redhat.com/errata/RHSA-2004:323

Plugin Details

Severity: Critical

ID: 14625

File Name: redhat-RHSA-2004-323.nasl

Version: 1.32

Type: local

Agent: unix

Published: 9/1/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:lha, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 9/1/2004

Vulnerability Publication Date: 8/18/2004

Reference Information

CVE: CVE-2004-0694, CVE-2004-0745, CVE-2004-0769, CVE-2004-0771

RHSA: 2004:323