Network Security News – Wednesday, March 15, 2006 Events
unalz Archive Processing Traversal Arbitrary File Write
unalz contains a flaw that allows a remote attacker to write to files outside of the archive path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied within the archive file.. Read more at osvdb.org/23835
Ipswitch IMail Server/Collaboration Suite IMAP FETCH Command Overflow
A remote overflow exists in Ipswitch IMail Server and Collaboration Suite. The product fails to verify the length of a buffer associated with the FETCH command resulting in a buffer overflow. With a specially crafted command, an attacker can cause the server to crash or possibly execute arbitrary code resulting in a loss of availability or integrity.. Read more at osvdb.org/23796