Alert: Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)
From: Russ (Russ.Cooper RC.ON.CA)
Date: Tue Oct 21 2003 - 16:28:18 CDT
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
Summary:
Version Number: V1.0
Revision Date: 10-15-2003
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: None
CVE Number(s): CAN-2003-0714
Tested Software:
Affected Software:
* Microsoft Exchange Server 5.5, Service Pack 4
<http://www.ntbugtraq.com/link/A9E872EA-54B0-4179-8AE9-5648BFB46459.asp>
* Microsoft Exchange 2000 Server, Service Pack 3
<http://www.ntbugtraq.com/link/7BAF5394-1B4E-4937-A570-9F232AE49F01.asp>
Software Not Affected:
* Microsoft Exchange Server 2003
Technical Description:
In Exchange Server 5.5, a security vulnerability exists in the Internet
Mail Service that could allow an unauthenticated attacker to connect to
the SMTP port on an Exchange server and issue a specially-crafted
extended verb request that could allocate a large amount of memory. This
could shut down the Internet Mail Service or could cause the server to
stop responding because of a low memory condition. In Exchange 2000
Server, a security vulnerability exists that could allow an
unauthenticated attacker to connect to the SMTP port on an Exchange
server and issue a specially-crafted extended verb request. That request
could cause a denial of service that is similar to the one that could
occur on Exchange 5.5. Additionally, if an attacker issues the request
with carefully chosen data, the attacker could cause a buffer overrun
that could allow the attacker to run malicious programs of their choice
in the security context of the SMTP service.
This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor