Microsoft Exchange SMTP extended verb request buffer overflow
| exchange-smtp-verb-bo (13432) |  High Risk |
Description:
Microsoft Exchange and Microsoft Exchange are vulnerable to a buffer overflow, caused by improper bounds checking. By connecting to an SMTP port on the vulnerable Exchange server, a remote attacker could send a specially-crafted extended verb request, which is used to communicate Exchange-specific information among Exchange servers, to overflow a buffer and cause the SMTP service to fail and execute arbitrary code on the system with Local System privileges.
Platforms Affected:
- Microsoft, Exchange Server 2000 SP3
- Microsoft, Exchange Server 5.0 SP2
- Microsoft, Exchange Server 5.5 SP4
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS03-046. See References.
Consequences:
Gain Access
References:
- CERT Advisory CA-2003-27, Multiple Vulnerabilities in Microsoft Windows and Exchange at http://www.cert.org/advisories/CA-2003-27.html.
- CIAC Information Bulletin O-005, Microsoft Exchange Server Vulnerabilities at http://www.ciac.org/ciac/bulletins/o-005.shtml.
- Microsoft Security Bulletin MS03-046, Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) at http://www.microsoft.com/technet/security/bulletin/ms03-046.mspx.
- VulnWatch Mailing List, Wed Oct 22 2003 - 04:13:56 CDT, MS03-046 Microsoft Exchange 2000 Heap Overflow at http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0018.html.
- BID-8838: Microsoft Exchange Server Buffer Overflow Vulnerability
- CVE-2003-0714: The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
- US-CERT VU#422156: Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
Reported:
Oct 15, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net