CVE-2004-0235

Description

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Software From Fixed in
winzip / winzip 9.0 9.0.x
clearswift / mailsweeper 4.0 4.0.x
clearswift / mailsweeper 4.1 4.1.x
clearswift / mailsweeper 4.2 4.2.x
clearswift / mailsweeper 4.3 4.3.x
clearswift / mailsweeper 4.3.10 4.3.10.x
clearswift / mailsweeper 4.3.11 4.3.11.x
clearswift / mailsweeper 4.3.13 4.3.13.x
clearswift / mailsweeper 4.3.3 4.3.3.x
clearswift / mailsweeper 4.3.4 4.3.4.x
clearswift / mailsweeper 4.3.5 4.3.5.x
clearswift / mailsweeper 4.3.6 4.3.6.x
clearswift / mailsweeper 4.3.6_sp1 4.3.6_sp1.x
clearswift / mailsweeper 4.3.7 4.3.7.x
clearswift / mailsweeper 4.3.8 4.3.8.x
sgi / propack 2.4 2.4.x
sgi / propack 3.0 3.0.x
f-secure / internet_gatekeeper 6.31 6.31.x
f-secure / internet_gatekeeper 6.32 6.32.x
f-secure / f-secure_anti-virus 2003 2003.x
f-secure / f-secure_anti-virus 2004 2004.x
f-secure / f-secure_anti-virus 4.51 4.51.x
f-secure / f-secure_anti-virus 4.52 4.52.x
f-secure / f-secure_anti-virus 4.60 4.60.x
f-secure / f-secure_anti-virus 5.41 5.41.x
f-secure / f-secure_anti-virus 5.42 5.42.x
f-secure / f-secure_anti-virus 5.5 5.5.x
f-secure / f-secure_anti-virus 5.52 5.52.x
f-secure / f-secure_anti-virus 6.21 6.21.x
tsugio_okamoto / lha 1.14 1.14.x
tsugio_okamoto / lha 1.15 1.15.x
tsugio_okamoto / lha 1.17 1.17.x
f-secure / f-secure_internet_security 2003 2003.x
f-secure / f-secure_internet_security 2004 2004.x
f-secure / f-secure_personal_express 4.5 4.5.x
f-secure / f-secure_personal_express 4.6 4.6.x
f-secure / f-secure_personal_express 4.7 4.7.x
f-secure / f-secure_for_firewalls 6.20 6.20.x
rarlab / winrar 3.20 3.20.x
stalker / cgpmcafee 3.2 3.2.x
redhat / lha 1.14i-9 1.14i-9.x
redhat / fedora_core core_1.0 core_1.0.x