Tumbleweed's email firewall powerless against smuggled code
Tumbleweed's email firewall can be tricked while processing email that carries manipulated LHA archives as attachments. Attackers can smuggle code onto the computer and then execute it with the service's rights, usually superuser rights.
wlha32.dll is the library responsible, and it suffers from three vulnerabilities at once. The first two security holes stem from missing length checks on file and path names in the extended LHA headers. The third hole can be exploited by attackers through overlong file names in archives.
The vendor is not releasing an update, but does recommend the following countermeasure: stop the email firewall service, rename or delete the file wlha32.dll in the program directory, and then restart the service.
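The missing length checks on file and path names in extended LHA headers, described above, are shown here as an added example of the check a parser needs; this is not code from Tumbleweed or wlha32.dll. The header layout used (1-byte type, data, 2-byte little-endian next size), the 255-byte limit and the names `lha_read_names` and `check_sample` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 255   /* assumed limit; destinations hold NAME_MAX_LEN + 1 */
#define EXT_FILENAME 0x01  /* extended header type: file name */
#define EXT_DIRNAME  0x02  /* extended header type: directory (path) name */

/* Walk the extended-header chain in buf[0..len). first_size is the
 * "next header size" field taken from the base header. Each header is
 * [type:1][data:size-3][next size:2, little-endian]; size 0 ends the chain.
 * Returns 0 on success, -1 on a truncated, malformed or overlong header. */
int lha_read_names(const uint8_t *buf, size_t len, size_t first_size,
                   char *file, char *dir)
{
    size_t off = 0, size = first_size;
    file[0] = dir[0] = '\0';
    while (size != 0) {
        /* The declared size must cover type + next-size and fit the input. */
        if (size < 3 || size > len - off)
            return -1;
        uint8_t type = buf[off];
        const uint8_t *data = buf + off + 1;
        size_t dlen = size - 3;
        if (type == EXT_FILENAME || type == EXT_DIRNAME) {
            /* Length check before copying into the fixed-size buffer. */
            if (dlen > NAME_MAX_LEN)
                return -1;
            char *dst = (type == EXT_FILENAME) ? file : dir;
            memcpy(dst, data, dlen);
            dst[dlen] = '\0';
        }
        size = (size_t)data[dlen] | ((size_t)data[dlen + 1] << 8);
        off += dlen + 3;
    }
    return 0;
}

/* Constructed sample: one file-name header carrying name_len 'A' bytes.
 * Returns the accepted name length, or -1 if the parser rejects it. */
int check_sample(size_t name_len)
{
    static uint8_t hdr[1024];
    char file[NAME_MAX_LEN + 1], dir[NAME_MAX_LEN + 1];
    if (name_len + 3 > sizeof hdr) return -1;
    memset(hdr, 0, sizeof hdr);
    hdr[0] = EXT_FILENAME;
    memset(hdr + 1, 'A', name_len);   /* trailing next-size field stays 0 */
    if (lha_read_names(hdr, name_len + 3, name_len + 3, file, dir) != 0) return -1;
    return (int)strlen(file);
}
```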
- Tumbleweed Email Firewall Remote Stack Overflow, Security advisory from Hustle Labs
(ehe)