FreeBSD : lha buffer overflows and path traversal issues (a2ffb627-9c53-11d8-9366-0020ed76ef5a)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Ulf Harnhammar discovered several vulnerabilities in LHa for UNIX's
path name handling code. Specially constructed archive files may cause
LHa to overwrite files or execute arbitrary code with the privileges
of the user invoking LHa. This could be particularly harmful for
automated systems that might handle archives, such as virus scanning
processes.

See also :

http://www.nessus.org/u?a08f8aff

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36391 (freebsd_pkg_a2ffb6279c5311d893660020ed76ef5a.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0234, CVE-2004-0235
