J-Security Center

Title: Microsoft Exchange Server Empty MIME Boundary DoS

Severity: MODERATE

Description:

If the boundary string is missing in the Content-Type field of a MIME-encoded message, Exchange server will cease to operate if it attempts to relay the message.

From the Microsoft Knowledge Base article Q217155:
When Microsoft Internet Mail Service receives a MIME-encoded message that has a large MIME prolog and the message is relayed, an endless loop in content conversion may result in a temporary file with an .stf extension that grows until all the disk space is consumed or the Internet Mail Service is shut down. The .stf file can also grow as a result of a POP3 or IMAP4 client downloading mail from the server.

This problem is typically because of a missing boundary before a body part causing the body part to be interpreted as part of the prolog. If the prolog is big enough to be within approximately 76 bytes of the current available buffer space, the prolog is emitted but leaving no room for the boundary to fit in. This results in an endless loop of emitting the same prolog over and over again while the temporary file grows in size.

Affected Products:

  • Microsoft Exchange Server 5.5.0
  • Microsoft Exchange Server 5.5.0SP1
  • Microsoft Exchange Server 5.5.0SP2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.