In association with heise online

26 July 2006, 11:45

Tumbleweed's email firewall powerless against smuggled code


Tumbleweed's email firewall can be tricked when it processes email with manipulated LHA archives as attachments. Attackers can smuggle code onto the system and then execute it with the rights of the service, usually superuser rights.

The library responsible is wlha32.dll, which is affected by three vulnerabilities at once. The first two security holes result from missing length checks on file and path names in the extended LHA headers. The third vulnerability can be exploited by attackers through overlong file names in archives.

The manufacturer is not releasing an update, but recommends the following countermeasure: stop the email firewall service, rename or delete the file wlha32.dll in the program directory, and then restart the service.
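
The kind of length check the article says is missing for file and path names in extended LHA headers, shown as a bounds-checked parser. This is an added example, not code from wlha32.dll or Tumbleweed; it follows the publicly documented LHA level 1/2 extended header layout, and the 256-byte destination size, the struct and the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256   /* assumed destination buffer size for this example */
struct lha_names { char name[NAME_MAX_LEN]; char dir[NAME_MAX_LEN]; };

/* Copy one name field only if it fits, leaving room for the terminator. */
static int copy_field(char *dst, const uint8_t *src, size_t n) {
    if (n >= NAME_MAX_LEN) return -2;                /* overlong name: reject */
    for (size_t i = 0; i < n; i++)
        dst[i] = (src[i] == 0xFF) ? '/' : (char)src[i];  /* 0xFF separates path parts */
    dst[n] = '\0';
    return 0;
}

/* Walk the chain [type:1][data:size-3][next size:2, LE]; 0 ok, -1 malformed, -2 overlong. */
int parse_ext_headers(const uint8_t *buf, size_t len, uint16_t size,
                      struct lha_names *out) {
    size_t pos = 0;
    out->name[0] = out->dir[0] = '\0';
    while (size != 0) {
        if (size < 3 || size > len - pos) return -1; /* too small, or runs past buffer */
        size_t dlen = (size_t)size - 3;
        int rc = buf[pos] == 0x01 ? copy_field(out->name, buf + pos + 1, dlen) /* file */
               : buf[pos] == 0x02 ? copy_field(out->dir, buf + pos + 1, dlen)  /* dir */
               : 0;                                  /* other header types are skipped */
        if (rc != 0) return rc;
        pos += size;
        size = (uint16_t)(buf[pos - 2] | (buf[pos - 1] << 8));
    }
    return 0;
}

/* Constructed sample: file name "a.txt" (size 8), then directory "dir\xFF" (size 7). */
const uint8_t SAMPLE[] = { 0x01, 'a', '.', 't', 'x', 't', 0x07, 0x00,
                           0x02, 'd', 'i', 'r', 0xFF, 0x00, 0x00 };
/* Constructed malformed input: a single 300-byte file name field. */
int parse_overlong(struct lha_names *out) {
    uint8_t buf[303];
    memset(buf, 'A', sizeof buf);
    buf[0] = 0x01; buf[301] = buf[302] = 0;
    return parse_ext_headers(buf, sizeof buf, (uint16_t)sizeof buf, out);
}
int main(void) {
    struct lha_names n;
    int rc = parse_ext_headers(SAMPLE, sizeof SAMPLE, 8, &n);
    printf("sample: rc=%d name=%s dir=%s\n", rc, n.name, n.dir);
    printf("overlong: rc=%d\n", parse_overlong(&n));
    return 0;
}
```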
