Alert: Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)

From: Russ (Russ.CooperRC.ON.CA)
Date: Wed Oct 15 2003 - 18:38:43 CDT


Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp

Summary:

  Version Number: V1.0
  Revision Date: 10-15-2003
  Patch(es) Replaced: None
  Caveats: None
  CVE Number(s): CAN-2003-0714

Tested Software:
  Affected Software:
  * Microsoft Exchange Server 5.5, Service Pack 4
  * Microsoft Exchange 2000 Server, Service Pack 3

  Software Not Affected:
  * Microsoft Exchange Server 2003

Technical Description:
In Exchange Server 5.5, a security vulnerability exists in the Internet
Mail Service that could allow an unauthenticated attacker to connect to
the SMTP port on an Exchange server and issue a specially-crafted
extended verb request that could allocate a large amount of memory. This
could shut down the Internet Mail Service or could cause the server to
stop responding because of a low memory condition. In Exchange 2000
Server, a security vulnerability exists that could allow an
unauthenticated attacker to connect to the SMTP port on an Exchange
server and issue a specially-crafted extended verb request. That request
could cause a denial of service that is similar to the one that could
occur on Exchange 5.5. Additionally, if an attacker issues the request
with carefully chosen data, the attacker could cause a buffer overrun
that could allow the attacker to run malicious programs of their choice
in the security context of the SMTP service.

This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
