
Microsoft Exchange Server 5.5 Vulnerability: July 24

Discussion in 'Web & Email' started by eddie5659, Jul 25, 2002.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    32,969
    Hiya

    The Internet Mail Connector (IMC) enables Microsoft Exchange Server
    to communicate with other mail servers via SMTP. When the IMC
    receives an SMTP extended Hello (EHLO) protocol command from a
    connecting SMTP server, it responds by sending a status reply that
    starts with the following:
    250-<Exchange server ID>Hello<Connecting server ID>

    Where:
    <Exchange server ID> is the fully-qualified domain name (FQDN) of
    the Exchange server.
    <Connecting server ID> is either the FQDN or the IP address of the
    server that initiated the connection.

    The FQDN would be used if the Exchange 5.5 IMC is able to resolve
    this information through a reverse DNS lookup; the IP address
    would be used if a reverse DNS lookup was not possible or failed
    to resolve the connecting server's IP address.

    A security vulnerability results because of an unchecked buffer
    in the IMC code that generates the response to the EHLO protocol
    command. If the total length of the message exceeds a particular
    value, the data would overrun the buffer. If the buffer were
    overrun with random data, it would result in the failure of the
    IMC. If, however, the buffer were overrun with carefully chosen
    data, it could be possible for the attacker to run code in the
    security context of the IMC, which runs as Exchange 5.5 Service
    Account.

    It is important to note that the attacker could not simply send
    data to the IMC in order to overrun the buffer. Instead, the
    attacker would need to create a set of conditions that would
    cause the IMC to overrun its own buffer when it generated the
    EHLO response. Specifically, the attacker would need to ensure
    that a reverse DNS lookup would not only succeed, but would
    provide an FQDN whose length was sufficient to result in the
    buffer overrun.

    Maximum Severity Rating: Moderate

    Affected Software:

    Microsoft Exchange Server 5.5

    Download locations for this patch
    Microsoft Exchange 5.5 Service Pack 4:

    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40666


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-037.asp

    Regards

    eddie
     