Microsoft Windows SMTP Authentication Bypass

2001-07-05T00:00:00
ID OSVDB:581
Type osvdb
Reporter OSVDB
Modified 2001-07-05T00:00:00

Description

Vulnerability Description

The Windows 2000 SMTP service contains a flaw that may allow a remote unauthenticated user to gain user-level privileges. Due to a weakness in the authentication mechanism, an attacker could potentially bypass the authentication process. Upon doing so, the attacker would have user-level (not administrative) privileges on the mail server, which would allow them to use the server as a mail relay. This vulnerability affects Windows 2000 servers configured in standalone mode, not Exchange servers or systems that are part of a domain.

Manual Testing Notes

Send an AUTH GSSAPI command to the SMTP service and look for a 235 (successful) message.

References:

Microsoft Security Bulletin: MS01-037
ISS X-Force ID: 6803
CVE-2001-0504
CIAC Advisory: l-107
CERT VU: 435963
Bugtraq ID: 2988