Title: Microsoft Exchange Server AUTH / XAUTH / AUTHINFO DoS Vulnerabilities
Severity: MODERATE
Description:
Due to overflowable buffers in Exchange Server, it is possible for an attacker to remotely cause the Internet Mail Service or Information Store to stop responding.
Internet Mail Service handles SMTP (email) functionality for Exchange Server. If an attacker connects to port 25 and issues a long AUTH or XAUTH command, the service will stop responding. Other Exchange services should continue to function normally, and IMS can be restarted without rebooting the OS to restore full functionality.
The Information Store handles NNTP (newsgroups) functionality for Exchange Server. If an attacker connects to port 119 and issues a long AUTHINFO command, the service will stop responding. Other Exchange services may fail after the Information Store crashes, and all functionality can be restored by restarting the Information Store service without having to reboot the OS.
Affected Products:
- Microsoft Exchange Server 5.0.0
- Microsoft Exchange Server 5.0.0SP1
- Microsoft Exchange Server 5.0.0SP2
- Microsoft Exchange Server 5.5.0
References:
- Microsoft: Q188341: XFOR: AUTH and EHLO Commands Cause Internet Mail Service to Stop
- Microsoft: Q188369: XADM: AUTHINFO Command Causes Information Store Problems
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
