Critical

CVE-2004-0234 - Buffer Errors vulnerability in multiple products

Publication: 2004-08-18
Summary

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Clearswift Mailsweeper 4.0
  • Redhat Fedora Core core_1.0
  • Clearswift Mailsweeper 4.2
  • Clearswift Mailsweeper 4.3
  • Clearswift Mailsweeper 4.3.3
  • Clearswift Mailsweeper 4.3.4
  • Clearswift Mailsweeper 4.3.5
  • Clearswift Mailsweeper 4.3.6
  • Clearswift Mailsweeper 4.3.6_sp1
  • Clearswift Mailsweeper 4.3.7
  • Clearswift Mailsweeper 4.3.8
  • Clearswift Mailsweeper 4.3.10
  • Clearswift Mailsweeper 4.3.11
  • Clearswift Mailsweeper 4.3.13
  • F-secure F-secure Anti-virus 4.51
  • F-secure F-secure Anti-virus 4.51
  • F-secure F-secure Anti-virus 4.51
  • F-secure F-secure Anti-virus 4.52
  • F-secure F-secure Anti-virus 4.52
  • F-secure F-secure Anti-virus 4.52
  • F-secure F-secure Anti-virus 4.60
  • F-secure F-secure Anti-virus 5.5
  • F-secure F-secure Anti-virus 5.41
  • F-secure F-secure Anti-virus 5.41
  • F-secure F-secure Anti-virus 5.41
  • Clearswift Mailsweeper 4.1
  • F-secure F-secure Anti-virus 5.42
  • F-secure F-secure Anti-virus 5.42
  • F-secure F-secure Anti-virus 5.52
  • F-secure F-secure Anti-virus 6.21
  • F-secure F-secure Anti-virus 2003
  • F-secure F-secure Anti-virus 2004
  • F-secure F-secure FOR Firewalls 6.20
  • F-secure F-secure Internet Security 2003
  • F-secure F-secure Internet Security 2004
  • F-secure F-secure Personal Express 4.5
  • F-secure F-secure Personal Express 4.6
  • F-secure F-secure Personal Express 4.7
  • F-secure Internet Gatekeeper 6.31
  • F-secure Internet Gatekeeper 6.32
  • Rarlab Winrar 3.20
  • Redhat LHA 1.14i-9
  • SGI Propack 2.4
  • SGI Propack 3.0
  • Stalker Cgpmcafee 3.2
  • Tsugio Okamoto LHA 1.14
  • Tsugio Okamoto LHA 1.15
  • Tsugio Okamoto LHA 1.17
  • Winzip Winzip 9.0
  • F-secure F-secure Anti-virus 5.42