CVE-2006-3901
CVSS7.5
发布时间 :2006-07-27 07:04:00
修订时间 :2016-10-17 23:40:29
NMCO    

[原文]Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.


[CNNVD]Tumbleweed MailGate邮件防火墙多个LHA栈溢出漏洞(CNNVD-200607-483)

        MailGate邮件防火墙是Tumbleweed推出的综合性电子邮件安全产品。
        MailGate邮件防火墙中存在多个溢出漏洞,具体如下:
        1) 处理LHA扩展首部文件名时存在栈溢出;
        2) 处理LHA扩展首部目录名时存在栈溢出;
        3) 处理LHA文档中有超长文件名的文件时存在栈溢出。
        如果MailGate处理了包含有特制附件的邮件的话就会触发上述漏洞,导致执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3901
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3901
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-483
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=full-disclosure&m=115378437918939&w=2
(UNKNOWN)  FULLDISC  20060724 Hustle -- Tumbleweed Email Firewall Remote
http://www.hustlelabs.com/advisories/04072006_tweed.pdf
(VENDOR_ADVISORY)  MISC  http://www.hustlelabs.com/advisories/04072006_tweed.pdf
http://www.securityfocus.com/archive/1/archive/1/441497/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060725 Hustle -- Tumbleweed Email Firewall Remote Vulnerability
http://www.securityfocus.com/bid/19146
(UNKNOWN)  BID  19146
http://www.vupen.com/english/advisories/2006/2970
(UNKNOWN)  VUPEN  ADV-2006-2970

- 漏洞信息

Tumbleweed MailGate邮件防火墙多个LHA栈溢出漏洞
高危 缓冲区溢出
2006-07-27 00:00:00 2006-08-26 00:00:00
远程  
        MailGate邮件防火墙是Tumbleweed推出的综合性电子邮件安全产品。
        MailGate邮件防火墙中存在多个溢出漏洞,具体如下:
        1) 处理LHA扩展首部文件名时存在栈溢出;
        2) 处理LHA扩展首部目录名时存在栈溢出;
        3) 处理LHA文档中有超长文件名的文件时存在栈溢出。
        如果MailGate处理了包含有特制附件的邮件的话就会触发上述漏洞,导致执行任意指令。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.tumbleweed.com/

- 漏洞信息

27495
Tumbleweed Email Firewall (EMF) LHA Processing MMSDecompose Function Multiple Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- 漏洞描述

A remote overflow exists in the Tumbleweed Email Firewall. The mail decomposer module (MMSDecompose) of Tumbleweed Email Firewall fails to handle specially crafted LHA compressed archives resulting in a stack overflow. By sending a crafted mail, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability.

- 时间线

2006-07-25 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround (apparently recommended by vendor to the vuln researcher): - Stopping EMF service - Removing or renaming the wlha32.dll file found in the EMF file directory - Restarting EMF service

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站