Microsoft Exchange Internet Mail Service AUTH/AUTHINFO Command DoS

1998-07-24T00:00:00
ID OSVDB:11268
Type osvdb
Reporter OSVDB
Modified 1998-07-24T00:00:00

Description

Vulnerability Description

Microsoft Exchange contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Internet Mail Service (IMS) not properly sanitizing user-supplied input. By passing overly long data to the AUTH or AUTHINFO commands, an attacker can trigger a buffer overflow and crash the service.

Short Description

Microsoft Exchange contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Internet Mail Service (IMS) not properly sanitizing user-supplied input. By passing overly long data to the AUTH or AUTHINFO commands, an attacker can trigger a buffer overflow and crash the service.

References:

Microsoft Knowledge Base Article: Q169174 Microsoft Knowledge Base Article: 188341 Microsoft Knowledge Base Article: 188369 ISS X-Force ID: 1223 CVE-1999-0945 CIAC Advisory: i-080 Bugtraq ID: 924