Microsoft Exchange X-LINK2STATE buffer overflow

2006-01-13T00:00:00
ID SAINT:3A81130EC74F8D1E58BBF01412DAA563
Type saint
Reporter SAINT Corporation
Modified 2006-01-13T00:00:00

Description

Added: 01/13/2006
CVE: CVE-2005-0560
BID: 13118
OSVDB: 15467

Background

Microsoft Exchange is an e-mail server for Microsoft Windows operating systems.

Problem

A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands.

Resolution

Install the patch referenced in Microsoft Security Bulletin 05-021.

References

<http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx>

Limitations

Exploit works on Exchange 2000 SP3. Unauthenticated exploitation is not possible against Windows Server 2003. Since this is a heap-based buffer overflow, exploit may not be reliable. Automated penetration test might not be able to pick the correct Exchange target type since there is no way to determine it remotely.

Platforms

Windows 2000