| VID |
26069 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix(KB829436) for 'Buffer Overflow Vulnerability in Exchange Server due to extended verb requests' has not been applied.
Microsoft Exchange is a popular collaboration product which includes extensive support for electronic mail, including support for SMTP. Exchange uses SMTP to communicate special handling instructions from one Exchange server to another through the use of SMTP extended verbs. However, Exchange 5.5 and Exchange 2000 are vulnerable to a buffer overflow vulnerability via extended verb requests, caused by improper bounds checking. By connecting to the SMTP port on an Exchange server and issuing a specially-crafted extended verb request, an unauthenticated attacker can cause a buffer overrun and cause the SMTP server to shut down and execute attacker's code in the security context of the SMTP service.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
http://www.kb.cert.org/vuls/id/422156
* Platforms Affected:
Microsoft Exchange Server 5.5, Service Pack 4
Microsoft Exchange Server 2000, Service Pack 3
Windows 2000 Any version
Windows NT Any version
Windows XP Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-046 at http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
-- OR --
As a workaround, filter out any SMTP protocol extensions using ISA publishing rules for Exchange from http://support.microsoft.com/default.aspx?scid=kb;en-us;311237.
-- OR --
Only accept authenticated SMTP sessions as the following steps.
For Exchange 2000 server,
1. Start Exchange System Manager and Locate the server in the organization tree.
3. Expand the Protocols container for the server and then Expand the SMTP container.
4. For each SMTP virtual server:
- Open the properties and of the virtual server object.
- Click the Access properties page.
- Click the Authentication button.
- Clear the "Anonymous Access" checkbox.
For Exchange 5.5 server, to require authentication for inbound connections:
1. Click the Connections page.
2. In the "Accept Connections" Section, mark the radio button for "Only from hosts using Authentication."
-- OR --
Block the port(25) that SMTP uses using a firewall. |
| Related URL |
CVE-2003-0714 (CVE) |
| Related URL |
8838 (SecurityFocus) |
| Related URL |
13432 (ISS) |
|
