CVE-2004-0235

NONE EPSS 89.6%
Published Aug 18, 200421y ago · Modified Jun 16, 20262w ago
Find Similar
Published Aug 18, 2004 21y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Threat Intelligence

EPSS Exploit Probability
89.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 50

VendorProductVersionRange
clearswiftmailsweeper4.0any
clearswiftmailsweeper4.1any
clearswiftmailsweeper4.2any
clearswiftmailsweeper4.3any
clearswiftmailsweeper4.3.3any
clearswiftmailsweeper4.3.4any
clearswiftmailsweeper4.3.5any
clearswiftmailsweeper4.3.6any
clearswiftmailsweeper4.3.6_sp1any
clearswiftmailsweeper4.3.7any
clearswiftmailsweeper4.3.8any
clearswiftmailsweeper4.3.10any
clearswiftmailsweeper4.3.11any
clearswiftmailsweeper4.3.13any
f-securef-secure_anti-virus4.51any
f-securef-secure_anti-virus4.51any
f-securef-secure_anti-virus4.51any
f-securef-secure_anti-virus4.52any
f-securef-secure_anti-virus4.52any
f-securef-secure_anti-virus4.52any
f-securef-secure_anti-virus4.60any
f-securef-secure_anti-virus5.5any
f-securef-secure_anti-virus5.41any
f-securef-secure_anti-virus5.41any
f-securef-secure_anti-virus5.41any
f-securef-secure_anti-virus5.42any
f-securef-secure_anti-virus5.42any
f-securef-secure_anti-virus5.42any
f-securef-secure_anti-virus5.52any
f-securef-secure_anti-virus6.21any
f-securef-secure_anti-virus2003any
f-securef-secure_anti-virus2004any
f-securef-secure_for_firewalls6.20any
f-securef-secure_internet_security2003any
f-securef-secure_internet_security2004any
f-securef-secure_personal_express4.5any
f-securef-secure_personal_express4.6any
f-securef-secure_personal_express4.7any
f-secureinternet_gatekeeper6.31any
f-secureinternet_gatekeeper6.32any
rarlabwinrar3.20any
redhatlha1.14i-9any
sgipropack2.4any
sgipropack3.0any
stalkercgpmcafee3.2any
tsugio_okamotolha1.14any
tsugio_okamotolha1.15any
tsugio_okamotolha1.17any
winzipwinzip9.0any
redhatfedora_corecore_1.0any

References 13

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html
  • marc.info http://marc.info/?l=bugtraq&m=108422737918885&w=2
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200405-02.xml
  • debian.org http://www.debian.org/security/2004/dsa-515
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-178.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-179.html
  • securityfocus.com http://www.securityfocus.com/bid/10243
    ExploitPatchVendor Advisory
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=1833
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16013
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

Remediation

  • securityfocus.com http://www.securityfocus.com/bid/10243
    ExploitPatchVendor Advisory