Microsoft Exchange Server Encapsulated SMTP Address Open Relay

1999-08-06T00:00:00
ID OSVDB:1031
Type osvdb
Reporter Laurent Frinking()
Modified 1999-08-06T00:00:00

Description

Vulnerability Description

Exchange contains a flaw that may allow a malicious user to use the server as a mail relay. The issue is triggered when the mail is sent with encapsulated SMTP addresses, which are not subject to anti-relaying rules. It is possible that the flaw may allow unauthorized mail to be sent through the server.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Exchange contains a flaw that may allow a malicious user to use the server as a mail relay. The issue is triggered when the mail is sent with encapsulated SMTP addresses, which are not subject to anti-relaying rules. It is possible that the flaw may allow unauthorized mail to be sent through the server.

References:

Microsoft Security Bulletin: MS99-027 Microsoft Knowledge Base Article: Q237927 ISS X-Force ID: 3107 CVE-1999-0682 CIAC Advisory: j-056 Bugtraq ID: 567