Title: Microsoft Exchange 5.5 LDAP Denial of Service Vulnerabilities
Severity: HIGH
Description:
Exchange Server is an email and directory server offered by Microsoft. The LDAP component of Exchange Server reportedly contains a vulnerability that can be exploited to cause a denial of service.
The vulnerability is due to an inability to handle malformed LDAP filter type values. When an LDAP requests is recieved containing such a field, the service reportedly becomes unresponsive. No other Exchange services are affected.
Exploitation of this vulnerability may result in a prolonged denial of LDAP service.
Further technical details are not yet available.
This problem was discovered using the PROTOS project's LDAPv3 test suite, which tests the security of a server by presenting it with a wide variety of sample packets containing unexpected values or illegally formatted data.
Affected Products:
- Microsoft Exchange Server 5.5
- Microsoft Exchange Server 5.5 SP1
- Microsoft Exchange Server 5.5 SP2
- Microsoft Exchange Server 5.5 SP3
- Microsoft Exchange Server 5.5 SP4
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
