发布时间 :2006-07-27 07:04:00
修订时间 :2016-10-17 23:40:29

[原文]Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.

[CNNVD]Tumbleweed MailGate邮件防火墙多个LHA栈溢出漏洞(CNNVD-200607-483)

        1) 处理LHA扩展首部文件名时存在栈溢出;
        2) 处理LHA扩展首部目录名时存在栈溢出;
        3) 处理LHA文档中有超长文件名的文件时存在栈溢出。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  FULLDISC  20060724 Hustle -- Tumbleweed Email Firewall Remote
(UNKNOWN)  BUGTRAQ  20060725 Hustle -- Tumbleweed Email Firewall Remote Vulnerability
(UNKNOWN)  BID  19146
(UNKNOWN)  VUPEN  ADV-2006-2970

- 漏洞信息

Tumbleweed MailGate邮件防火墙多个LHA栈溢出漏洞
高危 缓冲区溢出
2006-07-27 00:00:00 2006-08-26 00:00:00
        1) 处理LHA扩展首部文件名时存在栈溢出;
        2) 处理LHA扩展首部目录名时存在栈溢出;
        3) 处理LHA文档中有超长文件名的文件时存在栈溢出。

- 公告与补丁


- 漏洞信息

Tumbleweed Email Firewall (EMF) LHA Processing MMSDecompose Function Multiple Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- 漏洞描述

A remote overflow exists in the Tumbleweed Email Firewall. The mail decomposer module (MMSDecompose) of Tumbleweed Email Firewall fails to handle specially crafted LHA compressed archives resulting in a stack overflow. By sending a crafted mail, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability.

- 时间线

2006-07-25 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround (apparently recommended by vendor to the vuln researcher): - Stopping EMF service - Removing or renaming the wlha32.dll file found in the EMF file directory - Restarting EMF service

- 相关参考

- 漏洞作者