Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
lha buffer overflow(s) again
May 15 2004 11:09AM
lw wszia edu pl
i posted it yesterday to bugs (at) redhat (dot) com [email concealed] but mailbox is disabled for that recipient :-/
Date: Sat, 15 May 2004 00:24:09 +0200 (CEST)
From: Lukasz Wojtow <gnz (at) student.wszia.edu (dot) pl [email concealed]>
To: bugs (at) redhat (dot) com [email concealed]
Subject: LHA buffer overflow (not the last one already fixed)
it seems that lha is quite poorly written. after your last advisory, i
decided to take a look at the code and found 2 BO in function extract_one
(file lhext.c):
if (extract_directory)
sprintf(name, "%s/%s", extract_directory, q);
else
strcpy(name, q);
i bet there is more...
Regards
Lukasz Wojtow
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
i posted it yesterday to bugs (at) redhat (dot) com [email concealed] but mailbox is disabled for that recipient :-/
Date: Sat, 15 May 2004 00:24:09 +0200 (CEST)
From: Lukasz Wojtow <gnz (at) student.wszia.edu (dot) pl [email concealed]>
To: bugs (at) redhat (dot) com [email concealed]
Subject: LHA buffer overflow (not the last one already fixed)
it seems that lha is quite poorly written. after your last advisory, i
decided to take a look at the code and found 2 BO in function extract_one
(file lhext.c):
if (extract_directory)
sprintf(name, "%s/%s", extract_directory, q);
else
strcpy(name, q);
i bet there is more...
Regards
Lukasz Wojtow
[ reply ]