Summary
This host is installed with Lhaplus and is prone to untrusted search path vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code with the privilege of the running application.
Impact Level: Application.
Solution
Upgrade to the Lhaplus version 1.58
For updates refer to http://www7a.biglobe.ne.jp/~schezo/
Insight
The flaw exists because the application loading libraries and executable in an insecure manner.
Affected
Lhaplus version 1.57 and prior
References
Severity
Classification
-
CVE CVE-2010-2368, CVE-2010-3158 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Arris DOCSIS Password Disclosure
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Apple Mac OS X Denial of Service Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)