• Bug#263559: [CAN-2004-0771] Buffer overflow in the extract_one function

    From J.H.M. Dassen (Ray)@1:229/2 to GOTO Masanori on Mon Aug 16 22:30:11 2004
    From: [email protected]

    On Tue, Aug 17, 2004 at 00:12:41 +0900, GOTO Masanori wrote:
    Ray, why did you submit this bug report?

    Looking at the time I submitted it, I obviously wasn't yet awake enough to realise that the description for CAN-2004-0771 matched up with your
    changelog entry, and I thus assumed it was a new issue. Sorry for the confusion.

    Ray
    --
    Gartner is what you get when you pipe statistics through consultants.
    - jtv


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From J.H.M. Dassen (Ray)@1:229/2 to All on Thu Aug 5 07:40:07 2004
    From: [email protected]

    Package: lha
    Version: 1.14i-9
    Severity: grave
    Tags: security upstream woody sarge sid

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771 :

    Name: CAN-2004-0771 (under review)

    Description: Buffer overflow in the extract_one function from lhext.c in LHA
    may allow attackers to execute arbitrary code via a long w (working
    directory) command line option, a different issue than CAN-2004-0769.
    NOTE: this issue may be REJECTED if there are not any cases in which LHA is
    setuid or is otherwise used across security boundaries.

    References:
      * BUGTRAQ:20040515 lha buffer overflow(s) again
      * URL:http://www.securityfocus.com/archive/1/363418
      * BUGTRAQ:20040606 Re: [SECURITY] [DSA 515-1] New lha packages fix several
      * URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153
      * MISC:http://bugs.gentoo.org/show_bug.cgi?id=51285
      * XF:lha-extractone-bo(16196)
      * URL:http://xforce.iss.net/xforce/xfdb/16196
      * BID:10354
      * URL:http://www.securityfocus.com/bid/10354

    -- System Information:
    Debian Release: 3.1
    APT prefers unstable
    APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
    Architecture: i386 (i686)
    Kernel: Linux 2.4.27-rc5
    Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
    --
    Obsig: developing a new sig

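The defect class the CVE entry describes is a fixed-size path buffer receiving an attacker-controlled -w (working directory) argument. The bounds-checked join below is an added illustration, not lha's own code: the buffer size, the function name and the assumption that the working directory is prefixed to each archive member name before extraction are all assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed path buffer; lha's real value is not on the page. */
#define PATH_MAX_LEN 256

/*
 * Build "<workdir>/<member>" into out (capacity outsz), refusing anything
 * that would not fit. Copying the -w argument into a fixed buffer with an
 * unbounded strcpy()/strcat() is the pattern the CVE entry describes; this
 * version checks the lengths first and leaves out untouched on failure.
 * Returns 0 on success, -1 if the joined path would not fit.
 */
int build_extract_path(const char *workdir, const char *member,
                       char *out, size_t outsz)
{
    size_t wlen = strlen(workdir);
    size_t mlen = strlen(member);
    int need_slash = (wlen > 0 && workdir[wlen - 1] != '/');

    /* wlen + optional '/' + mlen + terminating NUL must fit in outsz */
    if (wlen + (size_t)need_slash + mlen + 1 > outsz)
        return -1;

    memcpy(out, workdir, wlen);
    if (need_slash)
        out[wlen++] = '/';
    memcpy(out + wlen, member, mlen + 1);   /* copies the NUL as well */
    return 0;
}

int main(void)
{
    char path[PATH_MAX_LEN];
    char huge[PATH_MAX_LEN * 2];            /* constructed overlong -w value */
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';

    if (build_extract_path("/tmp/out", "file.txt", path, sizeof path) == 0)
        printf("ok: %s\n", path);
    /* a -w argument longer than the buffer is rejected instead of overflowing */
    if (build_extract_path(huge, "file.txt", path, sizeof path) != 0)
        printf("rejected overlong working directory\n");
    return 0;
}
```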
  • From Matt Zimmerman@1:229/2 to All on Thu Aug 5 08:40:07 2004
    From: [email protected]

    On Thu, Aug 05, 2004 at 07:28:59AM +0200, J.H.M. Dassen (Ray) wrote:

    Package: lha
    Version: 1.14i-9
    Severity: grave
    Tags: security upstream woody sarge sid

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771 :

    gotom, is this addressed by the package you sent me (there was no CVE), or
    is it a new issue?

    --
    - mdz
