CVE-2004-0235
NONE EPSS 89.6%
Published Aug 18, 200421y ago · Modified Jun 16, 20262w ago
Published Aug 18, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Threat Intelligence
EPSS Exploit Probability
89.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 50
| Vendor | Product | Version | Range |
|---|---|---|---|
| clearswift | mailsweeper | 4.0 | any |
| clearswift | mailsweeper | 4.1 | any |
| clearswift | mailsweeper | 4.2 | any |
| clearswift | mailsweeper | 4.3 | any |
| clearswift | mailsweeper | 4.3.3 | any |
| clearswift | mailsweeper | 4.3.4 | any |
| clearswift | mailsweeper | 4.3.5 | any |
| clearswift | mailsweeper | 4.3.6 | any |
| clearswift | mailsweeper | 4.3.6_sp1 | any |
| clearswift | mailsweeper | 4.3.7 | any |
| clearswift | mailsweeper | 4.3.8 | any |
| clearswift | mailsweeper | 4.3.10 | any |
| clearswift | mailsweeper | 4.3.11 | any |
| clearswift | mailsweeper | 4.3.13 | any |
| f-secure | f-secure_anti-virus | 4.51 | any |
| f-secure | f-secure_anti-virus | 4.51 | any |
| f-secure | f-secure_anti-virus | 4.51 | any |
| f-secure | f-secure_anti-virus | 4.52 | any |
| f-secure | f-secure_anti-virus | 4.52 | any |
| f-secure | f-secure_anti-virus | 4.52 | any |
| f-secure | f-secure_anti-virus | 4.60 | any |
| f-secure | f-secure_anti-virus | 5.5 | any |
| f-secure | f-secure_anti-virus | 5.41 | any |
| f-secure | f-secure_anti-virus | 5.41 | any |
| f-secure | f-secure_anti-virus | 5.41 | any |
| f-secure | f-secure_anti-virus | 5.42 | any |
| f-secure | f-secure_anti-virus | 5.42 | any |
| f-secure | f-secure_anti-virus | 5.42 | any |
| f-secure | f-secure_anti-virus | 5.52 | any |
| f-secure | f-secure_anti-virus | 6.21 | any |
| f-secure | f-secure_anti-virus | 2003 | any |
| f-secure | f-secure_anti-virus | 2004 | any |
| f-secure | f-secure_for_firewalls | 6.20 | any |
| f-secure | f-secure_internet_security | 2003 | any |
| f-secure | f-secure_internet_security | 2004 | any |
| f-secure | f-secure_personal_express | 4.5 | any |
| f-secure | f-secure_personal_express | 4.6 | any |
| f-secure | f-secure_personal_express | 4.7 | any |
| f-secure | internet_gatekeeper | 6.31 | any |
| f-secure | internet_gatekeeper | 6.32 | any |
| rarlab | winrar | 3.20 | any |
| redhat | lha | 1.14i-9 | any |
| sgi | propack | 2.4 | any |
| sgi | propack | 3.0 | any |
| stalker | cgpmcafee | 3.2 | any |
| tsugio_okamoto | lha | 1.14 | any |
| tsugio_okamoto | lha | 1.15 | any |
| tsugio_okamoto | lha | 1.17 | any |
| winzip | winzip | 9.0 | any |
| redhat | fedora_core | core_1.0 | any |
References 13
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
- lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
- marc.info http://marc.info/?l=bugtraq&m=108422737918885&w=2
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200405-02.xml
- debian.org http://www.debian.org/security/2004/dsa-515
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-178.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-179.html
- securityfocus.com http://www.securityfocus.com/bid/10243
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=1833
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978
Remediation
- securityfocus.com http://www.securityfocus.com/bid/10243