• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Tumbleweed MailGate Email Firewall Multiple LHA Buffer Overflow Vulnerabilities

Tumbleweed MailGate Email Firewall is prone to multiple buffer-overflow vulnerabilities in its LHA processing routines.

A successful attack can allow a remote attacker to corrupt process memory by triggering various overflow conditions in the LHA processing engine. This may lead to arbitrary code execution in the context of the MMSDecompose (a process of the EMF Decomposer component), resulting in a full compromise.

These vulnerabilities reportedly affect all versions of the Tumbleweed MailGate Email Firewall.