Published: 2011-02-03 20:00:02
Last modified: 2011-07-18 21:19:44

[Original] Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

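[CNNVD] Tsugio_Okamoto LHA buffer overflow vulnerability (CNNVD-201102-052)

A buffer overflow vulnerability exists in LHA 1.14 and earlier. A remote attacker can cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing".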

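- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]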

- CPE (affected platforms and products)


- OVAL (technical details for detection)

oval:org.mitre.oval:def:9981 Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working director...

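- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources

- Vulnerability information

Tsugio_Okamoto LHA buffer overflow vulnerability
Medium severity Buffer overflow
2011-02-09 00:00:00 2011-02-10 00:00:00
A buffer overflow vulnerability exists in LHA 1.14 and earlier. A remote attacker can cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing".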

- Advisories and patches


- Vulnerability information

LHA Unspecified Command Line Overflow
Local Access Required Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

A local overflow exists in LHA. LHA fails to perform proper bounds checking on command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of confidentiality and/or integrity.

- Timeline

2004-09-02 Unknown
Unknown Unknown

- Solution

Upgrade to LHA for UNIX version 1.14i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability credit

- Vulnerability information

LHA Multiple Code Execution Vulnerabilities
Boundary Condition Error 11093
Yes Yes
2004-09-01 12:00:00 2009-07-12 07:06:00
Discovery is credited to Lukasz Wojtow and Thomas Biege.

- Affected software versions

RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mr. S.K. LHA 1.14

- Vulnerability discussion

LHA is reported prone to multiple vulnerabilities. These issues include multiple local and remote buffer overflow vulnerabilities and a remote command execution vulnerability. Successful exploitation of these issues may allow an attacker to execute arbitrary code and gain unauthorized access to a vulnerable computer.

The following specific issues were reported:

The application is prone to a stack overflow vulnerability when processing a malicious archive.

Multiple local buffer overflow vulnerabilities were reported as well. These issues can be triggered by supplying an excessive string value to the application through the command line.

Additionally, a remote command execution issue affects the application. This issue is triggered when LHA processes a directory with a malformed name.

LHA versions 1.14 and prior are affected by these issues.

- Exploit

Currently we are not aware of any exploits for this issue.

- Solution

RedHat has released an advisory (RHSA-2004:323-09) to address these issues. Please see the advisory in Web references for more information.

RedHat has released an advisory (RHSA-2004:440-04) along with fixes to address these issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

RedHat Fedora has released advisories FEDORA-2004-294 and FEDORA-2004-295 dealing with these issues for their Core 1 and Core 2 products. Please see the referenced advisories for more information.

Gentoo has released advisory GLSA 200409-13 dealing with these issues. All LHa users should upgrade to the latest stable version with the following commands:

# emerge sync

# emerge -pv ">=app-arch/lha-114i-r4"
# emerge ">=app-arch/lha-114i-r4"

Please see the referenced Gentoo advisory for more information.

The Fedora Legacy project has released advisory FLSA:1833 along with fixes to address this issue in RedHat Linux 7.3. Please see the referenced advisory for further information.

Mr. S.K. LHA 1.14

- Related references