SMTP Exchange denial of service
| smtp-exchangedos (344) |  High Risk |
Description:
Microsoft Exchange Server is vulnerable to a denial of service attack caused by a buffer overflow in multiple commands such as (HELO, RCPT TO, and MAIL FROM). A remote attacker can overflow a buffer and cause the server to crash or possibly execute arbitrary code on the system. The attack itself does not directly have any impact on the integrity of data stored by the Exchange Server.
Platforms Affected:
- Microsoft, Exchange Server 4.0
- Microsoft, Exchange Server 5.0
- Microsoft, Windows 2000
- Microsoft, Windows NT 4.0
Remedy:
Upgrade to Microsoft Exchange 5.5.
— OR —
Apply the latest Service Pack for Exchange 5.0 (Service Pack 1 or later).
Consequences:
Gain Access
References:
- Microsoft Knowledge Base Article 169174, XFOR: IMS Halts if RFC821 Address Over 1k in Size is Received at http://support.microsoft.com/default.aspx?scid=kb;[LN];169174.
- Microsoft Personal Support Center, Support Downloads for Exchange Server at http://support.microsoft.com/support/downloads/LNP489.asp.
- CVE-1999-0284: Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
Reported:
Jan 01, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net