| VID | 18045 |
| Severity | 30 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
The Microsoft SMTP service allows a remote attacker to bypass authentication. The SMTP service is installed by default as part of Windows 2000 server products and as part of the IMC (Internet Mail Connector) for MS Exchange Server 5.5. A flaw in this service lets an unauthorized user authenticate to the SMTP service, bypassing the authentication. The SMTP server supports the SMTP AUTH command with the NTLM option, and normal users authenticate to the server via an NTLM challenge-response exchange. By design, when the NTLM authentication layer of the underlying operating system reports that a user has been authenticated, the service should perform additional checks before granting that user access. The vulnerability arises because these additional checks are handled incorrectly. You can check whether a system is vulnerable using the following example session:
    % telnet X.X.X.X 25
    ...
    220 .. Microsoft ESMTP MAIL Service, Version : ...
    Helo domain.com
    250 ... Hello [...]
    AUTH NTLM TlRMTVNTUAABAAAAB4IAgAAAAAAAAAAAAAAAAAAAAAA=
    334 TlRMTVNTUAACAAAAHAAcADAA.......
    TlRMTVNTUAADAAAAAQABAEAAAAAAAAAAQQAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABBAAAABYIAAAA=
    235 2.7.0 Authentication successfull
It allows a remote attacker to gain unauthorized user-level access to the SMTP service. Using this vulnerability, a remote attacker cannot read other users' email or send mail as other users, but can relay mail via the server.
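A detection check for the session shown above, added here as an example and not part of the original entry: it parses the NTLM Type 3 (authenticate) message a client sends after the 334 challenge and flags a 235 success that directly follows one with an empty user name and no NT response. It assumes the bypass is driven by such an anonymous Type 3 message; the function names and the sample session are constructed for illustration.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"

def parse_type3(blob):
    """Return field lengths of an NTLM Type 3 message, or None if it is not one."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 64 or not raw.startswith(NTLM_SIGNATURE):
        return None
    if struct.unpack_from("<I", raw, 8)[0] != 3:
        return None
    # Five 8-byte descriptors (len, maxlen, offset) start at byte 12.
    names = ("lm", "nt", "domain", "user", "workstation")
    return {n: struct.unpack_from("<H", raw, 12 + 8 * i)[0] for i, n in enumerate(names)}

def is_anonymous_auth(blob):
    """True when the Type 3 message carries no user name and no NT response."""
    f = parse_type3(blob)
    return bool(f) and f["user"] == 0 and f["nt"] == 0

def flag_session(lines):
    """Indexes of '235' replies that directly follow an anonymous Type 3 message."""
    hits, pending = [], False
    for i, line in enumerate(lines):
        text = line.strip()
        if pending and text.startswith("235"):
            hits.append(i)
        pending = is_anonymous_auth(text)
    return hits

def sample_type3(user, nt_response):
    """Constructed test input: a minimal Type 3 message with the given fields."""
    fields = (b"\x00", nt_response, b"", user, b"", b"")  # last one: session key
    header, payload, offset = NTLM_SIGNATURE + struct.pack("<I", 3), b"", 64
    for value in fields:
        header += struct.pack("<HHI", len(value), len(value), offset)
        payload += value
        offset += len(value)
    return base64.b64encode(header + struct.pack("<I", 0) + payload).decode()

# Constructed session in the shape of the transcript above (Type 1/2 blobs elided).
SESSION = [
    "220 mail.example.test ESMTP",
    "AUTH NTLM (type 1 elided)",
    "334 (type 2 elided)",
    sample_type3(b"", b""),
    "235 2.7.0 Authentication successful",
]

if __name__ == "__main__":
    print(flag_session(SESSION))
```

On a patched server the same client message should be answered with an authentication failure rather than 235, so a hit from `flag_session` on captured SMTP traffic points at a host that still needs the fix listed under Recommendation.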
* Reference :
  http://www.microsoft.com/technet/security/bulletin/MS02-011.asp
  http://www.securityfocus.com/archive/1/259180
  http://www.securityfocus.com/bid/4205
* Platform Affected :
  Microsoft Exchange Server 5.5
  Microsoft Exchange Server 5.5 SP1~SP4
  Microsoft Windows 2000 Advanced Server
  Microsoft Windows 2000 Advanced Server SP1~SP2
  Microsoft Windows 2000 Professional
  Microsoft Windows 2000 Advanced Server SP1~SP2
  Microsoft Windows 2000 Server
  Microsoft Windows 2000 Server SP1~SP2 |
| Recommendation |
Apply the patch for this vulnerability from the Microsoft web site.
* For MS Windows 2000 Advanced Server, Professional, Server :
  1. Open the web page http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556.
  2. Click the [Download] to download the Windows 2000 Security Patch SMTP Rollup.
* For MS Exchange Server 5.5 :
  1. Open the web page http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33423.
  2. Click the [Download] to download the Exchange 5.5 IMC Patch 2655.55. |
| Related URL | CVE-2002-0054 (CVE) |