SMTP: Exchange Multiple Long Mail Route Commands
This signature detects attempts to exploit a known vulnerability in Microsoft Exchange Server. Unauthenticated attackers can remotely connect to the SMTP port on an Exchange server, then issue a crafted extended verb to run malicious programs in the security context of the SMTP service. This signature should be used between your Exchange servers and the Internet and not used between trusted Exchange servers to avoid potential false-positives.
Extended Description
Microsoft Exchange Server is prone to a buffer overflow in the X-LINK2STATE SMTP extended verb. Successful exploitation could result in arbitrary code execution.
Affected Products
Microsoft exchange_server_2003
Short Name
SMTP:EXCHANGE:MULTI-LONG-MAILRT
Severity
Critical
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2005-0560 Commands Exchange Long Mail Multiple Route bid:13118
Release Date
04/20/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Frequently
Vendors
Microsoft
CVSS Score
7.5