FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
273cc1a3-0d6b-11d9-8a8a-000c41e2cdad	lha -- numerous vulnerabilities when extracting archives Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha: Buffer overflows when handling archives and filenames. (CVE-2004-0694) Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745) Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769) Buffer overflow in the extract_one. (CVE-2004-0771) Discovery 2004-05-17 Entry 2004-09-23 lha < 1.14i_6 CVE-2004-0694 CVE-2004-0745 CVE-2004-0769 CVE-2004-0771 http://marc.theaimsgroup.com/?l=bugtraq&m=108464470103227 http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153 http://bugs.gentoo.org/show_bug.cgi?id=51285 http://xforce.iss.net/xforce/xfdb/16196 10354
a2ffb627-9c53-11d8-9366-0020ed76ef5a	lha buffer overflows and path traversal issues Ulf HÃ¤rnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that might handle archives such as virus scanning processes. Discovery 2004-04-29 Entry 2004-05-02 Modified 2004-05-03 lha < 1.14i_4 CVE-2004-0234 CVE-2004-0235

VuXML ID

Description

273cc1a3-0d6b-11d9-8a8a-000c41e2cdad

lha -- numerous vulnerabilities when extracting archives

Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha:

Buffer overflows when handling archives and filenames. (CVE-2004-0694)
Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745)
Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769)
Buffer overflow in the extract_one. (CVE-2004-0771)

Discovery 2004-05-17
Entry 2004-09-23
lha

< 1.14i_6

CVE-2004-0694
CVE-2004-0745
CVE-2004-0769
CVE-2004-0771
http://marc.theaimsgroup.com/?l=bugtraq&m=108464470103227
http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153
http://bugs.gentoo.org/show_bug.cgi?id=51285
http://xforce.iss.net/xforce/xfdb/16196
10354

a2ffb627-9c53-11d8-9366-0020ed76ef5a

lha buffer overflows and path traversal issues

Ulf HÃ¤rnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that might handle archives such as virus scanning processes.

Discovery 2004-04-29
Entry 2004-05-02
Modified 2004-05-03
lha

< 1.14i_4

CVE-2004-0234
CVE-2004-0235