Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200409-13] LHa: Multiple vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
LHa: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-13
(LHa: Multiple vulnerabilities)

The command line argument handling and the archive parsing code of LHa lack
sufficient bounds checking. Furthermore, a shell metacharacter command
execution vulnerability exists in LHa, because it does not properly filter
directory names.

Using a specially crafted command line argument or archive, an attacker can
cause a buffer overflow and could possibly run arbitrary code. The shell
metacharacter command execution flaw could lead to the execution of arbitrary
commands by an attacker using directories that contain shell metacharacters
in their names.


There is no known workaround at this time.


All LHa users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=app-arch/lha-114i-r4"
# emerge ">=app-arch/lha-114i-r4"

Threat Level: Medium
