Vulnerability Details CVE-2004-0235
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Exploit prediction scoring system (EPSS) score
EPSS Score 0.07
EPSS Ranking 91.0%
CVSS Severity
CVSS v2 Score 6.4
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
- http://marc.info/?l=bugtraq&m=108422737918885&w=2
- http://security.gentoo.org/glsa/glsa-200405-02.xml
- http://www.debian.org/security/2004/dsa-515
- http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
- http://www.redhat.com/support/errata/RHSA-2004-178.html
- http://www.redhat.com/support/errata/RHSA-2004-179.html
- http://www.securityfocus.com/bid/10243
- https://bugzilla.fedora.us/show_bug.cgi?id=1833
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
- http://marc.info/?l=bugtraq&m=108422737918885&w=2
- http://security.gentoo.org/glsa/glsa-200405-02.xml
- http://www.debian.org/security/2004/dsa-515
- http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
- http://www.redhat.com/support/errata/RHSA-2004-178.html
- http://www.redhat.com/support/errata/RHSA-2004-179.html
- http://www.securityfocus.com/bid/10243
- https://bugzilla.fedora.us/show_bug.cgi?id=1833
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
Products affected by CVE-2004-0235
-
cpe:2.3:a:clearswift:mailsweeper:4.0
-
cpe:2.3:a:clearswift:mailsweeper:4.1
-
cpe:2.3:a:clearswift:mailsweeper:4.2
-
cpe:2.3:a:clearswift:mailsweeper:4.3
-
cpe:2.3:a:clearswift:mailsweeper:4.3.10
-
cpe:2.3:a:clearswift:mailsweeper:4.3.11
-
cpe:2.3:a:clearswift:mailsweeper:4.3.13
-
cpe:2.3:a:clearswift:mailsweeper:4.3.3
-
cpe:2.3:a:clearswift:mailsweeper:4.3.4
-
cpe:2.3:a:clearswift:mailsweeper:4.3.5
-
cpe:2.3:a:clearswift:mailsweeper:4.3.6
-
cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1
-
cpe:2.3:a:clearswift:mailsweeper:4.3.7
-
cpe:2.3:a:clearswift:mailsweeper:4.3.8
-
cpe:2.3:a:f-secure:f-secure_anti-virus:2003
-
cpe:2.3:a:f-secure:f-secure_anti-virus:2004
-
cpe:2.3:a:f-secure:f-secure_anti-virus:4.51
-
cpe:2.3:a:f-secure:f-secure_anti-virus:4.52
-
cpe:2.3:a:f-secure:f-secure_anti-virus:4.60
-
cpe:2.3:a:f-secure:f-secure_anti-virus:5.41
-
cpe:2.3:a:f-secure:f-secure_anti-virus:5.42
-
cpe:2.3:a:f-secure:f-secure_anti-virus:5.5
-
cpe:2.3:a:f-secure:f-secure_anti-virus:5.52
-
cpe:2.3:a:f-secure:f-secure_anti-virus:6.21
-
cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20
-
cpe:2.3:a:f-secure:f-secure_internet_security:2003
-
cpe:2.3:a:f-secure:f-secure_internet_security:2004
-
cpe:2.3:a:f-secure:f-secure_personal_express:4.5
-
cpe:2.3:a:f-secure:f-secure_personal_express:4.6
-
cpe:2.3:a:f-secure:f-secure_personal_express:4.7
-
cpe:2.3:a:f-secure:internet_gatekeeper:6.31
-
cpe:2.3:a:f-secure:internet_gatekeeper:6.32
-
cpe:2.3:a:rarlab:winrar:3.20
-
cpe:2.3:a:redhat:lha:1.14i-9
-
cpe:2.3:a:sgi:propack:2.4
-
cpe:2.3:a:sgi:propack:3.0
-
cpe:2.3:a:stalker:cgpmcafee:3.2
-
cpe:2.3:a:tsugio_okamoto:lha:1.14
-
cpe:2.3:a:tsugio_okamoto:lha:1.15
-
cpe:2.3:a:tsugio_okamoto:lha:1.17
-
cpe:2.3:a:winzip:winzip:9.0
-
cpe:2.3:o:redhat:fedora_core:core_1.0