Microsoft Exchange Multiple SMTP Command DoS

1998-03-10T00:00:00
ID OSVDB:6031
Type osvdb
Reporter OSVDB
Modified 1998-03-10T00:00:00

Description

Vulnerability Description

Microsoft Exchange Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO, RCPT TO or MAIL FROM command containing 1024 or more characters to port 25, an attacker will crash the server.
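A defender can check a recorded SMTP session for the condition described above. The following is an added example, not part of the original OSVDB entry or any vendor tooling: a Python check that flags HELO, MAIL FROM and RCPT TO command lines of 1024 or more bytes. The function name, the sample session, and the choice to measure the whole command line (verb included) are assumptions.

```python
import re

# Threshold from the advisory: commands of 1024 or more characters.
MAX_COMMAND_LEN = 1024
# The three verbs the advisory names, matched case-insensitively.
WATCHED = re.compile(rb"^(HELO|MAIL FROM|RCPT TO)\b", re.IGNORECASE)


def find_oversized_commands(client_stream: bytes, limit: int = MAX_COMMAND_LEN):
    """Return (line_number, verb, length) for each watched command >= limit.

    client_stream is the client-to-server half of one SMTP session.
    Assumption: length is measured over the whole line, without CRLF.
    Caveat: the DATA phase is tracked from the client side only, so a DATA
    command the server rejected would still hide the lines that follow it.
    """
    findings = []
    in_data = False
    for number, raw in enumerate(client_stream.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_data:
            # Message body: skip until the lone "." terminator.
            in_data = line != b"."
            continue
        if line.strip().upper() == b"DATA":
            in_data = True
            continue
        match = WATCHED.match(line.lstrip())
        if match and len(line) >= limit:
            findings.append((number, match.group(1).upper().decode("ascii"), len(line)))
    return findings


# Constructed sample session (not captured traffic): a normal HELO, an
# oversized MAIL FROM, and a long body line that must not be flagged.
SAMPLE = b"\r\n".join([
    b"HELO client.example",
    b"MAIL FROM:<" + b"a" * 1100 + b"@example.com>",
    b"RCPT TO:<user@example.com>",
    b"DATA",
    b"HELO " + b"x" * 2000,
    b".",
    b"QUIT",
    b"",
])

if __name__ == "__main__":
    for number, verb, length in find_oversized_commands(SAMPLE):
        print(f"line {number}: {verb} command is {length} bytes")
```
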

Solution Description

Upgrade to version 5.0 Service Pack 2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Related OSVDB ID: 5970
Related OSVDB ID: 6117
Related OSVDB ID: 6118
Microsoft Knowledge Base Article: 169174
Mail List Post: http://www.securityfocus.com/archive/1/8741
ISS X-Force ID: 344
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/heloexpl.c
CVE-1999-0284
Bugtraq ID: 8555