[security] Conectiva Security Announcement - lha
Lorenzo Iannuzzi
nakis a libero.it
Sab 8 Maggio 2004 16:37:59 CEST
http://distro.conectiva.com.br/atualizacoes/?idioma=en
Ulf Härnhammar discovered a buffer overflow and a directory
traversal vulnerability in the lha utility. Both vulnerabilities
can be exploited by an attacker with the use of specially crafted
LHarc archives. When processed by lha, these files may cause it to
execute arbitrary code (exploiting the buffer overflow vulnerability)
or overwrite arbitrary files if the user unpacking the malicious
archive has sufficient filesystem permissions to do so (exploiting
the directory traversal vulnerability).
--
Ciao e alla prossima!
Lorenzo
Maggiori informazioni sulla lista
security