CVE-2004-0235
First published: Wed May 05 2004(Updated: )
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clearswift MAILsweeper | =4.0 | |
| Clearswift MAILsweeper | =4.1 | |
| Clearswift MAILsweeper | =4.2 | |
| Clearswift MAILsweeper | =4.3 | |
| Clearswift MAILsweeper | =4.3.3 | |
| Clearswift MAILsweeper | =4.3.4 | |
| Clearswift MAILsweeper | =4.3.5 | |
| Clearswift MAILsweeper | =4.3.6 | |
| Clearswift MAILsweeper | =4.3.6_sp1 | |
| Clearswift MAILsweeper | =4.3.7 | |
| Clearswift MAILsweeper | =4.3.8 | |
| Clearswift MAILsweeper | =4.3.10 | |
| Clearswift MAILsweeper | =4.3.11 | |
| Clearswift MAILsweeper | =4.3.13 | |
| F-secure F-secure Anti-virus | =4.51 | |
| F-secure F-secure Anti-virus | =4.51 | |
| F-secure F-secure Anti-virus | =4.51 | |
| F-secure F-secure Anti-virus | =4.52 | |
| F-secure F-secure Anti-virus | =4.52 | |
| F-secure F-secure Anti-virus | =4.52 | |
| F-secure F-secure Anti-virus | =4.60 | |
| F-secure F-secure Anti-virus | =5.5 | |
| F-secure F-secure Anti-virus | =5.41 | |
| F-secure F-secure Anti-virus | =5.41 | |
| F-secure F-secure Anti-virus | =5.41 | |
| F-secure F-secure Anti-virus | =5.42 | |
| F-secure F-secure Anti-virus | =5.42 | |
| F-secure F-secure Anti-virus | =5.42 | |
| F-secure F-secure Anti-virus | =5.52 | |
| F-secure F-secure Anti-virus | =6.21 | |
| F-secure F-secure Anti-virus | =2003 | |
| F-secure F-secure Anti-virus | =2004 | |
| F-secure F-secure For Firewalls | =6.20 | |
| F-secure F-secure Internet Security | =2003 | |
| F-secure F-secure Internet Security | =2004 | |
| F-secure F-secure Personal Express | =4.5 | |
| F-secure F-secure Personal Express | =4.6 | |
| F-secure F-secure Personal Express | =4.7 | |
| F-secure Internet Gatekeeper | =6.31 | |
| F-secure Internet Gatekeeper | =6.32 | |
| RARLAB WinRAR | =3.20 | |
| Redhat Lha | =1.14i-9 | |
| SGI ProPack | =2.4 | |
| SGI ProPack | =3.0 | |
| Stalker Cgpmcafee | =3.2 | |
| Tsugio Okamoto Lha | =1.14 | |
| Tsugio Okamoto Lha | =1.15 | |
| Tsugio Okamoto Lha | =1.17 | |
| Winzip Winzip | =9.0 | |
| Redhat Fedora Core | =core_1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
- http://marc.info/?l=bugtraq&m=108422737918885&w=2
- http://security.gentoo.org/glsa/glsa-200405-02.xml
- http://www.debian.org/security/2004/dsa-515
- http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
- http://www.redhat.com/support/errata/RHSA-2004-178.html
- http://www.redhat.com/support/errata/RHSA-2004-179.html
- http://www.securityfocus.com/bid/10243
- https://bugzilla.fedora.us/show_bug.cgi?id=1833
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
- collector/nvd-index
- collector/nvd-historical
- vendor/clearswift
- product/mailsweeper
- canonical/clearswift mailsweeper
- vendor/f-secure
- product/f-secure anti-virus
- canonical/f-secure f-secure anti-virus
- vendor/tsugio okamoto
- product/lha
- canonical/tsugio okamoto lha
- product/internet gatekeeper
- canonical/f-secure internet gatekeeper
- product/f-secure internet security
- canonical/f-secure f-secure internet security
- vendor/sgi
- product/propack
- canonical/sgi propack
- vendor/rarlab
- product/winrar
- canonical/rarlab winrar
- product/f-secure personal express
- canonical/f-secure f-secure personal express
- product/f-secure for firewalls
- canonical/f-secure f-secure for firewalls
- vendor/winzip
- product/winzip
- canonical/winzip winzip
- vendor/stalker
- product/cgpmcafee
- canonical/stalker cgpmcafee
- vendor/redhat
- canonical/redhat lha
- product/fedora core
- canonical/redhat fedora core
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/clearswift mailsweeper/4.0
- version/clearswift mailsweeper/4.1
- version/clearswift mailsweeper/4.2
- version/clearswift mailsweeper/4.3
- version/clearswift mailsweeper/4.3.3
- version/clearswift mailsweeper/4.3.4
- version/clearswift mailsweeper/4.3.5
- version/clearswift mailsweeper/4.3.6
- version/clearswift mailsweeper/4.3.6_sp1
- version/clearswift mailsweeper/4.3.7
- version/clearswift mailsweeper/4.3.8
- version/clearswift mailsweeper/4.3.10
- version/clearswift mailsweeper/4.3.11
- version/clearswift mailsweeper/4.3.13
- version/f-secure f-secure anti-virus/4.51
- version/f-secure f-secure anti-virus/4.52
- version/f-secure f-secure anti-virus/4.60
- version/f-secure f-secure anti-virus/5.5
- version/f-secure f-secure anti-virus/5.41
- version/f-secure f-secure anti-virus/5.42
- version/f-secure f-secure anti-virus/5.52
- version/f-secure f-secure anti-virus/6.21
- version/f-secure f-secure anti-virus/2003
- version/f-secure f-secure anti-virus/2004
- version/f-secure f-secure for firewalls/6.20
- version/f-secure f-secure internet security/2003
- version/f-secure f-secure internet security/2004
- version/f-secure f-secure personal express/4.5
- version/f-secure f-secure personal express/4.6
- version/f-secure f-secure personal express/4.7
- version/f-secure internet gatekeeper/6.31
- version/f-secure internet gatekeeper/6.32
- version/rarlab winrar/3.20
- version/redhat lha/1.14i-9
- version/sgi propack/2.4
- version/sgi propack/3.0
- version/stalker cgpmcafee/3.2
- version/tsugio okamoto lha/1.14
- version/tsugio okamoto lha/1.15
- version/tsugio okamoto lha/1.17
- version/winzip winzip/9.0
- version/redhat fedora core/core_1.0