Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
clearswift mailsweeper 4.3 |
||
clearswift mailsweeper 4.3.6 |
||
f-secure f-secure anti-virus 5.42 |
||
clearswift mailsweeper 4.0 |
||
tsugio okamoto lha 1.17 |
||
f-secure f-secure anti-virus 5.41 |
||
f-secure internet gatekeeper 6.32 |
||
f-secure f-secure internet security 2003 |
||
sgi propack 3.0 |
||
rarlab winrar 3.20 |
||
f-secure f-secure anti-virus 5.5 |
||
clearswift mailsweeper 4.3.4 |
||
f-secure f-secure personal express 4.6 |
||
clearswift mailsweeper 4.2 |
||
f-secure f-secure anti-virus 4.52 |
||
clearswift mailsweeper 4.3.7 |
||
f-secure f-secure personal express 4.7 |
||
f-secure f-secure for firewalls 6.20 |
||
f-secure f-secure anti-virus 4.51 |
||
tsugio okamoto lha 1.15 |
||
f-secure f-secure personal express 4.5 |
||
f-secure f-secure anti-virus 5.52 |
||
f-secure f-secure anti-virus 2004 |
||
winzip winzip 9.0 |
||
clearswift mailsweeper 4.3.3 |
||
tsugio okamoto lha 1.14 |
||
clearswift mailsweeper 4.3.11 |
||
f-secure f-secure internet security 2004 |
||
f-secure f-secure anti-virus 6.21 |
||
clearswift mailsweeper 4.3.13 |
||
f-secure f-secure anti-virus 2003 |
||
sgi propack 2.4 |
||
stalker cgpmcafee 3.2 |
||
clearswift mailsweeper 4.3.5 |
||
clearswift mailsweeper 4.1 |
||
f-secure internet gatekeeper 6.31 |
||
f-secure f-secure anti-virus 4.60 |
||
clearswift mailsweeper 4.3.6 sp1 |
||
redhat lha 1.14i-9 |
||
clearswift mailsweeper 4.3.8 |
||
clearswift mailsweeper 4.3.10 |
||
redhat fedora core core 1.0 |
Vulmon