CVE-2004-0234
published 2004-08-18CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote…
PriorityP336critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
10.26%
95.1th percentile
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| clearswift | mailsweeper | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_anti-virus | — | — |
| f-secure | f-secure_for_firewalls | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w979-wcrr-7whw: Multiple stack-based buffer overflows in the get_header function in header
ghsa_unreviewed·2022-04-29
CVE-2004-0234 [HIGH] CWE-119 GHSA-w979-wcrr-7whw: Multiple stack-based buffer overflows in the get_header function in header
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
Red Hat
lhaca issue might affect lha packages
vendor_redhat·2007-07-01·CVSS 10.0
CVE-2007-3375 [CRITICAL] lhaca issue might affect lha packages
lhaca issue might affect lha packages
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
Statement: Not vulnerable, Red Hat do not ship the Lhaca file archiver. Note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release.
Red Hat
security flaw
vendor_redhat·2004-05-01·CVSS 10.0
CVE-2004-0234 [CRITICAL] security flaw
security flaw
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
No detection rules found.
Bugzilla
CVE-2004-0234 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0234 [CRITICAL] CVE-2004-0234 security flaw
CVE-2004-0234 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
Bugzilla
CVE-2007-3375 lhaca issue might affect lha packages
bugzilla·2007-07-10·CVSS 10.0
CVE-2007-3375 [CRITICAL] CVE-2007-3375 lhaca issue might affect lha packages
CVE-2007-3375 lhaca issue might affect lha packages
CERT notified us of a flaw in Lhaca LHA Extended Header handling, but on closer
look at the advisory this looks really similar to the code in header.c in lharc
as distributed in older RHEL releases.
http://vuln.sg/lhaca121-en.html
We need to look through the lharc code for older RHEL to make sure it is not
vulnerable to this issue.
Marking this bug as private for now, as it isn't public that this might affect
lharc too.
Discussion:
This is fixed in Red Hat packages by lha-114i-sec.patch.
Investigation showed that this was in fact the issue from 2004:
http://marc.info/?l=bugtraq&m=108422737918885&w=2 CVE-2004-0234
So LHACA appeared to be vulnerable to this issue due to shared codebase.
http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.htmlhttp://marc.info/?l=bugtraq&m=108422737918885&w=2http://secunia.com/advisories/19514http://security.gentoo.org/glsa/glsa-200405-02.xmlhttp://securitytracker.com/id?1015866http://www.debian.org/security/2004/dsa-515http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txthttp://www.osvdb.org/5753http://www.osvdb.org/5754http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.htmlhttp://www.redhat.com/support/errata/RHSA-2004-178.htmlhttp://www.redhat.com/support/errata/RHSA-2004-179.htmlhttp://www.securityfocus.com/bid/10243http://www.vupen.com/english/advisories/2006/1220https://bugzilla.fedora.us/show_bug.cgi?id=1833https://exchange.xforce.ibmcloud.com/vulnerabilities/16012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.htmlhttp://marc.info/?l=bugtraq&m=108422737918885&w=2http://secunia.com/advisories/19514http://security.gentoo.org/glsa/glsa-200405-02.xmlhttp://securitytracker.com/id?1015866http://www.debian.org/security/2004/dsa-515http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txthttp://www.osvdb.org/5753http://www.osvdb.org/5754http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.htmlhttp://www.redhat.com/support/errata/RHSA-2004-178.htmlhttp://www.redhat.com/support/errata/RHSA-2004-179.htmlhttp://www.securityfocus.com/bid/10243http://www.vupen.com/english/advisories/2006/1220https://bugzilla.fedora.us/show_bug.cgi?id=1833https://exchange.xforce.ibmcloud.com/vulnerabilities/16012https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881
2004-08-18
Published