Title: Microsoft Exchange Server SMTP Extended Verb Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
Microsoft Exchange Server uses an SMTP extended verb to communicate routing information and other Exchange-specific information among the Exchange servers in an organization.
The Exchange SMTP service is prone to a buffer overflow vulnerability in the processing of the X-LINK2STATE SMTP extended verb. A remote attacker could exploit the vulnerability by sending malicious data to the SMTP port (TCP port 25 by default) on a vulnerable Exchange Server. This causes a heap overflow in the SvrAppendReceivedChunk function of xlsasink.dll. By default, the SMTP service runs as Local System.
On servers running Exchange 2000, any anonymous user able to connect to the SMTP port could exploit this vulnerability. On servers running Exchange 2003, only users authenticated as an account in the Exchange Enterprise Servers or Exchange Domain Servers groups could exploit the vulnerability.
Affected Products:
- Microsoft Exchange Server 2000
- Microsoft Exchange Server 2000 SP1
- Microsoft Exchange Server 2000 SP2
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2003 SP1
References:
- Microsoft: Microsoft Security Bulletin MS05-021
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
