Upstream information
Description
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.4 |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
SUSE Security Advisories:
- SuSE-SA:2004:010, published Tuesday, May 5th 2004 02:30 MEST
- SuSE-SA:2004:011, published Thursday, May 6th 2004 22:30 MEST
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:46:44 2013CVE page last modified: Fri Dec 8 16:09:28 2023