Tech Support Guy banner
Status
Not open for further replies.

Microsoft Exchange Server 5.5 Vulnerability: July 24

647 views 0 replies 1 participant last post by  eddie5659 
#1 ·
Hiya

The Internet Mail Connector (IMC) enables Microsoft Exchange Server
to communicate with other mail servers via SMTP. When the IMC
receives an SMTP extended Hello (EHLO) protocol command from a
connecting SMTP server, it responds by sending a status reply that
starts with the following:
250-<Exchange server ID>Hello<Connecting server ID>

Where:
<Exchange server ID> is the fully-qualified domain name (FQDN) of
the Exchange server <Connecting server ID> is either the FQDN or
the IP address of the server that initiated the connection.

The FQDN would be used if the Exchange5.5 IMC is able to resolve
this information through a reverse DNS lookup; the IP address
would be used if a reverse DNS lookup was not possible or failed
to resolve the connecting servers IP address.

A security vulnerability results because of an unchecked buffer
In the IMC code that generates the response to the EHLO protocol
command. If the total length of the message exceeds a particular
value, the data would overrun the buffer. If the buffer were
overrun with random data, it would result in the failure of the
IMC. If, however, the buffer were overrun with carefully chosen
data, it could be possible for the attacker to run code in the
security context of the IMC, which runs as Exchange5.5 Service
Account.

It is important to note that the attacker could not simply send
Data to the IMC in order to overrun the buffer. Instead, the
Attacker would need to create a set of conditions that would
cause the IMC to overrun its own buffer when it generated the
EHLO response. Specifically, the attacker would need to ensure
that a reverse DNS lookup would not only succeed, but would
provide an FQDN whose length was sufficient to result in the
buffer overrun.

Maximum Severity Rating: Moderate

Affected Software:

Microsoft Exchange Server 5.5

Download locations for this patch
Microsoft Exchange 5.5 Service Pack 4:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40666

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-037.asp

Regards

eddie
 
See less See more
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top