Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200409-13 (lha)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54670

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200409-13 (lha)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200409-13.

Several buffer overflows and a shell metacharacter command execution
vulnerability have been found in LHa. These vulnerabilities can be used to
execute arbitrary code.

Solution:
All LHa users should upgrade to the latest stable version:

# emerge sync

# emerge -pv '>=app-arch/lha-114i-r4'
# emerge '>=app-arch/lha-114i-r4'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-13
http://bugs.gentoo.org/show_bug.cgi?id=62618

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981
http://www.redhat.com/support/errata/RHSA-2004-323.html
http://www.redhat.com/support/errata/RHSA-2004-440.html
Common Vulnerability Exposure (CVE) ID: CVE-2004-0745
https://bugzilla.fedora.us/show_bug.cgi?id=1833
http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11088
XForce ISS Database: lha-metacharacter-command-execution(17198)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17198
Common Vulnerability Exposure (CVE) ID: CVE-2004-0769
Bugtraq: 20040616 Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re: (Google Search)
http://marc.info/?l=bugtraq&m=108745217504379&w=2
http://lw.ftw.zamosc.pl/lha-exploit.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11047
XForce ISS Database: lha-long-pathname-bo(16917)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16917
Common Vulnerability Exposure (CVE) ID: CVE-2004-0771
BugTraq ID: 10354
http://www.securityfocus.com/bid/10354
Bugtraq: 20040515 lha buffer overflow(s) again (Google Search)
http://www.securityfocus.com/archive/1/363418
Bugtraq: 20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several (Google Search)
http://marc.info/?l=bugtraq&m=108668791510153
http://bugs.gentoo.org/show_bug.cgi?id=51285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595
XForce ISS Database: lha-extractone-bo(16196)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16196

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54670
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200409-13 (lha)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200409-13. Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code. Solution: All LHa users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=app-arch/lha-114i-r4' # emerge '>=app-arch/lha-114i-r4' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-13 http://bugs.gentoo.org/show_bug.cgi?id=62618 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0694 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981 http://www.redhat.com/support/errata/RHSA-2004-323.html http://www.redhat.com/support/errata/RHSA-2004-440.html Common Vulnerability Exposure (CVE) ID: CVE-2004-0745 https://bugzilla.fedora.us/show_bug.cgi?id=1833 http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11088 XForce ISS Database: lha-metacharacter-command-execution(17198) https://exchange.xforce.ibmcloud.com/vulnerabilities/17198 Common Vulnerability Exposure (CVE) ID: CVE-2004-0769 Bugtraq: 20040616 Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re: (Google Search) http://marc.info/?l=bugtraq&m=108745217504379&w=2 http://lw.ftw.zamosc.pl/lha-exploit.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11047 XForce ISS Database: lha-long-pathname-bo(16917) https://exchange.xforce.ibmcloud.com/vulnerabilities/16917 Common Vulnerability Exposure (CVE) ID: CVE-2004-0771 BugTraq ID: 10354 http://www.securityfocus.com/bid/10354 Bugtraq: 20040515 lha buffer overflow(s) again (Google Search) http://www.securityfocus.com/archive/1/363418 Bugtraq: 20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several (Google Search) http://marc.info/?l=bugtraq&m=108668791510153 http://bugs.gentoo.org/show_bug.cgi?id=51285 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595 XForce ISS Database: lha-extractone-bo(16196) https://exchange.xforce.ibmcloud.com/vulnerabilities/16196
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com