Malformed Bind Request Vulnerability

A vulnerability exists in the LDAP Bind function for Exchange 5.5. The vulnerability could allow denial of service attacks against an Exchange server or, under certain conditions, could allow arbitrary code to be run on the server.

Issue

The Bind function in the Exchange 5.5 Directory Service has an unchecked buffer that poses two threats to safe operation. The first is a denial of service threat. A malformed Bind request could overflow the buffer, causing the Exchange Directory service to crash. The server would not need to be rebooted, but the Exchange Directory service, and possibly dependent services as well, would need to be restarted in order to resume messaging service. The second threat is more esoteric and would be far more difficult to exploit. A carefully-constructed Bind request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally.

Customers who are using Exchange but who have turned off LDAP support in the Directory Service are not at risk from this vulnerability. Customers also can reduce their vulnerability to attacks from external sources by filtering incoming packets destined for TCP port 389, the LDAP service port.

Affected Products

• Microsoft Exchange Server 5.5

Solution

A patch can be found at:

• X86-based Exchange: ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/DIR-fix/PSP2DIRI.EXE
• Alpha-based Exchange: ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/DIR-fix/PSP2DIRA.EXE

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: March 16, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<