---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Tumbleweed Email Firewall LHA File Parsing Vulnerabilities SECUNIA ADVISORY ID: SA21194 VERIFY ADVISORY: http://secunia.com/advisories/21194/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: MailGate Email Firewall 6.x http://secunia.com/product/11136/ Tumbleweed Messaging Management System (MMS) 5.x http://secunia.com/product/3588/ DESCRIPTION: Ryan Smith has reported three vulnerabilities in Tumbleweed Email Firewall, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within the processing of LHA extended-header filenames can be exploited to cause a stack-based buffer overflow. 2) A boundary error within the processing of LHA extended-header directory names can be exploited to cause a stack-based buffer overflow. 3) A boundary error within the processing of files in LHA archives can be exploited to cause a stack-based buffer overflow via a specially crafted LHA archive containing files with overly long filenames. Successful exploitation of the vulnerabilities allows execution of arbitrary code when an e-mail with a specially crafted attachment is processed. SOLUTION: According to the researcher, the vendor will not be releasing a patch. Instead, the vendor has reportedly suggested a workaround (contact the vendor for more information). PROVIDED AND/OR DISCOVERED BY: Ryan Smith ORIGINAL ADVISORY: http://www.hustlelabs.com/advisories/04072006_tweed.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------