Bugtraq mailing list archives
Microsoft responds to bug in Exchange Server
From: bagel () NEOSOFT COM (Tony Hagale)
Date: Tue, 27 Jan 1998 18:10:20 -0600
FORWARDED FROM A ROOTSHELL BULLETIN 02. Microsoft responds to bug in Exchange Server ------------------------------------------------ http://www.microsoft.com/exchange/guide/papers/smtp.asp?A=2B=6 SMTP Denial of Service Attack for Exchange Server 4.0 and 5.0 January, 1998 Microsoft has provided this market bulletin to help make customers aware of an issue with Exchange Server 4.0 and 5.0, which, although fixed in a service pack last year, has recently been discussed in various Internet forums. This issue does not effect Exchange Server 5.5. This issue involves a denial of service attack that can potentially be used by someone with malicious intent to crash Microsoft® Exchange Server 4.0 and 5.0 machines. In some cases, this attack could also allow the execution of arbitrary code from the stack. This problem was fixed last year with the release of Service Pack 1 for Exchange 5.0. This bulletin provides additional information including instructions on how to obtain these fixes. (see their web site for additional information) ---------------------------------------------------------------------- "this attack could also allow the execution of arbitrary code from the stack" I sure am glad that I am not running Exchange. ---------------------------------------------------------------------- bagel () neosoft com --Tony Hagale +------------------------------------------------------------------------+ |- Strake Jesuit Network Admin |- http://www.neosoft.com/~bagel |- bagel on EFNet IRC |- ICQ UIN: 3568586 |- finger tony () amdg strakejesuit org for PGP key |- finger bagel () starbase neosoft com for geekcode +-------------------------------------------------------------------------+
Current thread:
- Re: pnserver exploit.., (continued)
- Re: pnserver exploit.. Angelos Karageorgiou (Jan 16)
- Re: pnserver exploit.. Donald van de Weyer (Jan 21)
- (AUSCERT ESB-98.009) CERT Advisory CA-98.02 - Vulnerabilities in Grant Beattie (Jan 21)
- Q179148: Settings May Not Be Applied with URL with Short Filename Aleph One (Jan 23)
- CDE: dtappgather on AIX Marcin Cieslak (Jan 25)
- Simple OpenBSD crash script Jason Downs (Jan 25)
- Re: Simple OpenBSD crash script GvS One (Jan 28)
- Quake 2 Linux kevingeo () CRUZIO COM (Jan 25)
- Re: Quake 2 Linux Greg Alexander (Jan 27)
- Announcement: Phrack 52 route () RESENTMENT INFONEXUS COM (Jan 26)
- Microsoft responds to bug in Exchange Server Tony Hagale (Jan 27)
- Re: Announcement: Phrack 52 Olaf Kirch (Jan 28)
- KSR[T] Advisory #7: filter KSR[T] (Jan 29)
- Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
- Secure Linux patch Solar Designer (Jan 29)
- Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
- GZEXE - the big problem Micha? Zalewski (Jan 28)