Bugtraq mailing list archives

Microsoft Security Bulletin (MS99-027)

From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Fri, 6 Aug 1999 12:29:17 -0700


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

Microsoft Security Bulletin (MS99-027)
--------------------------------------

Patch Available for "Encapsulated SMTP Address" Vulnerability

Originally Posted: August 06, 1999

Summary
=======
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft(r)  Exchange(r) Server. The vulnerability could allow an attacker
to perform mail relaying via an  Exchange server that is configured to act
as a gateway for other Exchange sites using the  Internet Messaging Service.

Frequently asked questions regarding this vulnerability can be
found at http://www.microsoft.com/security/bulletins/MS99-027faq.asp

Issue
=====
Exchange Server implements features designed to defeat "mail relaying", a
practice in which an  attacker causes an e-mail server to forward mail from
the attacker, as though the server were the  sender of the mail. However, a
vulnerability exists in this feature, and could allow an attacker  to
circumvent the anti-relaying features in an Internet-connected Exchange
Server.

The vulnerability lies in the way that site-to-site relaying is performed
via SMTP. Encapsulated  SMTP addresses could be used to send mail to any
desired e-mail address. The patch eliminates the  vulnerability by making
encapsulated SMTP addresses subject to the same anti-relay protections as
non-encapsulated SMTP addresses.

Affected Software Versions
==========================
 - Microsoft Exchange Server 5.5

Patch Availability
==================
 - ftp://ftp.microsoft.com/bussys/exchange/exchange-public
   /fixes/Eng/Exchg5.5/PostSP2/imc-fix

  NOTE: Line breaks have been inserted into the above URL for readability.

More Information
================
Please see the following references for more information related to this
issue.
 - Microsoft Security Bulletin MS99-027: Frequently Asked Questions,
   http://www.microsoft.com/security/bulletins/MS99-027faq.asp.
 - Microsoft Knowledge Base (KB) article Q237927,
   XIMS: Messages Sent to Encapsulated SMTP Address Are Rerouted
   Even Though Rerouting Is Disabled,
   http://support.microsoft.com/support/kb/articles/q237/9/27.asp.
 - Microsoft Security Advisor web site,
   http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.

Acknowledgments
===============
Microsoft acknowledges Laurent Frinking of Quark Deutschland GmbH for
bringing this issue to our  attention and working with us to alert customers
about it.

Revisions
=========
 - August 06, 1999: Bulletin Created.

-----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF  ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES  OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION  OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL,  CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE  EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING  LIMITATION MAY NOT APPLY.

(c) 1999 Microsoft Corporation. All rights reserved.

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please visit http://www.microsoft.com/security/services/bulletin.asp. For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Current thread:

Cisco 675 password nonsense DeMoNx (Jul 31)
- Re: Cisco 675 password nonsense Brian Elfert (Aug 03)
  - Re: Cisco 675 password nonsense Dave Dittrich (Aug 06)
    - Microsoft Security Bulletin MS99-027 Microsoft Product Security Response Team (Aug 06)
    - Re: Cisco 675 password nonsense Brian Elfert (Aug 06)
    - Microsoft Security Bulletin (MS99-027) Aleph One (Aug 06)
    - Re: Cisco 675 password nonsense Signal 11 (Aug 07)
    - Remote DoS of WebTrends Enterprise Reporting Server rpc (Aug 08)
    - sdtcm_convert Joel Eriksson (Aug 08)
    - NetBSD Security Advisory 1999-011 Ross Harvey (Aug 08)
    - MS IE FTP Folder Shell Extension Buffer Overflow s.hird () STUDENT QUT EDU AU (Aug 09)
    - [jen () ettnet se: sdtcm_convert] Joel Eriksson (Aug 09)
    - Bay Annex-Pri Privacy Issues lumpy (Aug 09)
    - Re: Bay Annex-Pri Privacy Issues Eric Vyncke (Aug 10)
    - Re: Bay Annex-Pri Privacy Issues Dick St.Peters (Aug 11)
- Re: Cisco 675 password nonsense The Tech-Admin Dude (Aug 03)

(Thread continues...)