Network Security News Monitor - Wednesday, March 15, 2006 Events

unalz Archive Processing Traversal Arbitrary File Write

unalz contains a flaw that allows a remote attacker to write to files outside of the archive path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied within the archive file.. Read more.

Ipswitch IMail Server/Collaboration Suite IMAP FETCH Command Overflow

A remote overflow exists in Ipswitch IMail Server and Collaboration Suite. The product fails to verify the length of a buffer associated with the FETCH command resulting in a buffer overflow. With a specially crafted command, an attacker can cause the server to crash or possibly execute arbitrary code resulting in a loss of availability or integrity.. Read more.