Font Size Change

HOMEIT SecurityMeasures for Information Security VulnerabilitiesIPA/ISEC:Vulnerabilities:Security Alert for Lhaplus Vulnerability

PRINT PAGE

IT Security

IPA/ISEC:Vulnerabilities:Security Alert for Lhaplus Vulnerability

April 28, 2008
>> JAPANESE

Information-technology Promotion Agency, Japan (IPA, Chairman Koji Nishigaki) has issued the Security Alert for Lhaplus Vulnerability on April 28, 2008.
This vulnerability allows an attacker to execute arbitrary code when a user decompresses a specially crafted file.
When exploited, an attacker could take control over the computer and, for example, execute unauthorized programs, delete files and install malicious tools such as bot software.
To fix the problem, update to the fixed version provided by the product vendor.

1.Overview

Lhaplus is a file compression/decompression software to reduce the size of electronic files. It supports the data compression format lzh and zip for instance. Lhaplus is vulnerable to buffer overflow due to the problem in the decompression process. When exploited, an attacker could execute arbitrary code on the computer installed with Lhaplus.

This vulnerability is different from “Security Alert for Lhaplus Vulnerability” issued on September 21, 2007 and on November 22, 2007.

For the latest information, please refer to:
http://jvndb.jvn.jp/contents/en/2008/JVNDB-2008-000022.html

The following creditee reported this vulnerability to IPA on February 13, 2008. JPCERT Coordination Center (JPCERT/CC) coordinated with the product vendors and published the vulnerability on April 28, 2008, under Information Security Early Warning Partnership.
Credit: Yuji Ukai of Fourteenforty Research Institute, Inc.

2.Impact

An attacker could execute unauthorized programs, delete files and install malicious tools such as bot and virus software when a user open (decompresses) a specially crafted file obtained via emails, web sites or file exchange software.

Security Alert for Lhaplus Vulnerability

3.Solution

To fix the problem, update to the fixed version provided by the product vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating
(CVSS base score)
□ Low
(0.0~3.9)
Medium
(4.0~6.9)
High
(7.0~10.0)
CVSS base score   6.8  

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent
 Network
■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: