Bugtraq mailing list archives

Microsoft responds to bug in Exchange Server

From: bagel () NEOSOFT COM (Tony Hagale)
Date: Tue, 27 Jan 1998 18:10:20 -0600


FORWARDED FROM A ROOTSHELL BULLETIN


02. Microsoft responds to bug in Exchange Server
------------------------------------------------


http://www.microsoft.com/exchange/guide/papers/smtp.asp?A=2B=6

SMTP Denial of Service Attack for Exchange
Server 4.0 and 5.0

January, 1998

Microsoft has provided this market bulletin to help make customers aware of
an issue with Exchange Server 4.0 and 5.0, which, although fixed in a
service pack last year, has recently been discussed in various Internet
forums. This issue does not effect Exchange Server 5.5.

This issue involves a denial of service attack that can potentially be used
by someone with malicious intent to crash Microsoft® Exchange Server 4.0 and
5.0 machines. In some cases, this attack could also allow the execution of
arbitrary code from the stack.

This problem was fixed last year with the release of Service Pack 1 for
Exchange 5.0. This bulletin provides additional information including
instructions on how to obtain these fixes.

(see their web site for additional information)

----------------------------------------------------------------------

"this attack could also allow the execution of arbitrary code from the
stack"

I sure am glad that I am not running Exchange.

----------------------------------------------------------------------



bagel () neosoft com
--Tony Hagale
+------------------------------------------------------------------------+
|-  Strake Jesuit Network Admin
|-  http://www.neosoft.com/~bagel
|-  bagel on EFNet IRC
|-  ICQ UIN: 3568586
|-  finger tony () amdg strakejesuit org for PGP key
|-  finger bagel () starbase neosoft com for geekcode
+-------------------------------------------------------------------------+

Current thread:

Re: pnserver exploit.., (continued)
- - - Re: pnserver exploit.. Angelos Karageorgiou (Jan 16)
    - Re: pnserver exploit.. Donald van de Weyer (Jan 21)
    - (AUSCERT ESB-98.009) CERT Advisory CA-98.02 - Vulnerabilities in Grant Beattie (Jan 21)
    - Q179148: Settings May Not Be Applied with URL with Short Filename Aleph One (Jan 23)
    - CDE: dtappgather on AIX Marcin Cieslak (Jan 25)
    - Simple OpenBSD crash script Jason Downs (Jan 25)
    - Re: Simple OpenBSD crash script GvS One (Jan 28)
    - Quake 2 Linux kevingeo () CRUZIO COM (Jan 25)
    - Re: Quake 2 Linux Greg Alexander (Jan 27)
    - Announcement: Phrack 52 route () RESENTMENT INFONEXUS COM (Jan 26)
    - Microsoft responds to bug in Exchange Server Tony Hagale (Jan 27)
    - Re: Announcement: Phrack 52 Olaf Kirch (Jan 28)
    - KSR[T] Advisory #7: filter KSR[T] (Jan 29)
    - Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
    - Secure Linux patch Solar Designer (Jan 29)
    - Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
    - GZEXE - the big problem Micha? Zalewski (Jan 28)
  - Re: Xserver stack smashed Rahul Sahadevan (Jan 26)
  - Vulnerability in htmlscript Dennis Moore (Jan 26)
  - ANNOUNCE: Secure Syslog Lucio Torre (Jan 26)
  - Security flaw in htmlscript Joseph Jay Austin (Jan 27)

(Thread continues...)