| VID |
18065 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The target host is running a version of Microsoft SMTP server which has not been applied the patch for the MS04-035 (885881). Simple Mail Transfer Protocol (SMTP) is a widely-used e-mail transfer protocol. A remotely-exploitable buffer overflow condition exists in the SMTP service of Exchange Server 2003 and Windows Server 2003. If a vulnerable SMTP server can be caused to parse a maliciously-crafted DNS response, an attacker may gain full control of the server through memory corruption. The SMTP service is not enabled by default on Windows Server 2003.
* References:
http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx
* Platforms Affected:
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS04-035 at http://www.microsoft.com/technet/security/bulletin/MS04-035.asp
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2004-0840 (CVE) |
| Related URL |
11374 (SecurityFocus) |
| Related URL |
(ISS) |
|
