| VID |
18056 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Windows Exchange SMTP service is vulnerable to a Buffer Overflow Vulnerability via extended verb requests.
Microsoft Exchange is a popular collaboration product which includes extensive support for electronic mail, including support for SMTP. Exchange uses SMTP to communicate special handling instructions from one Exchange server to another through the use of SMTP extended verbs. However, Exchange 5.5 and Exchange 2000 are vulnerable to a buffer overflow vulnerability via extended verb requests, caused by improper bounds checking. By connecting to the SMTP port on an Exchange server and issuing a specially-crafted extended verb request, an unauthenticated attacker can cause a buffer overrun and cause the SMTP server to shut down and execute attacker's code in the security context of the SMTP service.
* References:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
http://www.kb.cert.org/vuls/id/422156
* Platforms Affected:
Microsoft Exchange Server 5.5, Service Pack 4
Microsoft Exchange Server 2000, Service Pack 3
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-046 at http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
-- OR --
As a workaround,
Filter out any SMTP protocol extensions using ISA publishing rules for Exchange from http://support.microsoft.com/default.aspx?scid=kb;en-us;311237
-- OR --
Only accept authenticated SMTP sessions as the following steps:
For Exchange 2000 server,
1. Start Exchange System Manager and Locate the server in the organization tree.
3. Expand the Protocols container for the server and then Expand the SMTP container.
4. For each SMTP virtual server:
- Open the properties and of the virtual server object.
- Click the Access properties page.
- Click the Authentication button.
- Clear the "Anonymous Access" checkbox.
For Exchange 5.5 server, to require authentication for inbound connections:
1. Click the Connections page.
2. In the "Accept Connections" Section, mark the radio button for "Only from hosts using Authentication."
-- OR --
Block the port(25) that SMTP uses using a firewall. |
| Related URL |
CVE-2003-0714 (CVE) |
| Related URL |
8838 (SecurityFocus) |
| Related URL |
13432 (ISS) |
|
