Buffer Overrun in Exchange Server SMTP Service
A security flaw in Microsoft Exchange Server 5.5 could allow a remote attacker to run the code of their choice on the server by exploiting a buffer overrun in the SMTP service.
Issue
The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following:
250-[Exchange server ID]Hello[Connecting server ID]
Where:
- [Exchange server ID] is the fully-qualified domain name (FQDN) of the Exchange server
- [Connecting server ID] is either the FQDN or the IP address of the server that initiated the connection. The FQDN would be used if the Exchange 5.5 IMC is able to resolve this information through a reverse DNS lookup; the IP address would be used if a reverse DNS lookup was not possible or failed to resolve the connecting server's IP address.
It is important to note that the attacker could not simply send data to the IMC in order to overrun the buffer. Instead, the attacker would need to create a set of conditions that would cause the IMC to overrun its own buffer when it generated the EHLO response. Specifically, the attacker would need to ensure that a reverse DNS lookup would not only succeed, but would provide an FQDN whose length was sufficient to result in the buffer overrun.
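An added example in C (not code from the advisory or from Exchange) of building the EHLO reply so that an over-long reverse DNS name cannot overrun the reply buffer: the name is validated, every write is bounded, and the reply falls back to the IP address. The function names, the 128-byte buffer size, the spacing of the reply line and the sample host names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 128 /* assumed size; the advisory does not state the real one */
#define FQDN_MAX  253 /* longest DNS name in presentation form */

/* Accept a PTR result only if it is a plausibly sized hostname made of
 * letters, digits, '-' and '.'; anything else is treated as untrusted. */
static int ptr_name_ok(const char *name)
{
    size_t n = name ? strlen(name) : 0;
    if (n == 0 || n > FQDN_MAX)
        return 0;
    for (size_t i = 0; i < n; i++) {
        char c = name[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* Build the first EHLO reply line (spacing of the line is assumed).
 * The unsafe pattern is an unbounded sprintf() of the PTR name into a
 * fixed buffer; here every write is bounded and truncation is detected.
 * Returns the line length, or -1 if not even the IP fallback fits. */
int build_ehlo_reply(char *out, size_t outsz, const char *server_fqdn,
                     const char *ptr_name, const char *peer_ip)
{
    const char *peer = ptr_name_ok(ptr_name) ? ptr_name : peer_ip;
    int n = snprintf(out, outsz, "250-%s Hello %s\r\n", server_fqdn, peer);
    if (n < 0 || (size_t)n >= outsz) /* too long: use the IP instead */
        n = snprintf(out, outsz, "250-%s Hello %s\r\n", server_fqdn, peer_ip);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz) out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char reply[REPLY_MAX], longname[201]; /* constructed sample input */
    memset(longname, 'a', 200);
    longname[200] = '\0';
    build_ehlo_reply(reply, sizeof reply, "mail.example.com", longname, "192.0.2.10");
    fputs(reply, stdout); /* the reply carries the IP, not the 200-byte name */
    return 0;
}
```

The same rule applies to any server that echoes resolver output into a reply: the PTR record is controlled by whoever runs the reverse zone for the connecting address, so its length and content must be checked like any other remote input.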
Affected Products
- Microsoft Exchange Server 5.5
Download
Software patches are available from the following locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 25, 2002


