PT-2006-4747 · Tumbleweed · Tumbleweed Email Firewall

Ryan Smith

Published

2006-07-27

Updated

2018-10-17

CVE-2006-3901

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tumbleweed Email Firewall (EMF) (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via an email attachment with an LHA archive. This can occur in several scenarios, including when the LHA archive contains a file or directory with a long LHA extended header, when the "temporary pathname" field for decompressed output is greater than 2 bytes, or when the LHA archive has a long filename.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3901

Affected Products

Tumbleweed Email Firewall

PT-2006-4747 · Tumbleweed · Tumbleweed Email Firewall

CVE-2006-3901

Related Identifiers

Affected Products

References · 8