SMTP: Microsoft Exchange Malformed Intra-Exchange Verb
This signature detects attempts to exploit a known vulnerability in Microsoft Exchange Server 5.5 and 2000. It is due to the command verb "Xexch50," which is valid only for communication between validated Exchange servers, is handled incorrectly. Attackers can send the command verb with a negative number or a very large positive number to crash the Exchange server, and, in extreme cases with Exchange Server 2000, can also take control of the server.
Extended Description
Microsoft has announced that Exchange Server is affected by a remotely exploitable buffer overflow condition. The overflow can be triggered remotely by unauthenticated SMTP clients. The source of the issue appears to be in how the XEXCH50 verb is handled by the server. Microsoft has stated that remote code execution is possible on hosts running Exchange 2000 Server. Servers running Exchange Server 5.0 and 5.5 are vulnerable to a denial of service attack.
Affected Products
Microsoft exchange_server
Short Name
SMTP:EXCHANGE:MAL-VERB-XEXCH50
Severity
Critical
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CA-2003-27 CVE-2003-0714 Exchange Intra-Exchange Malformed Microsoft Verb bid:8838
Release Date
10/23/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5