SMTP: IIS Encapsulated SMTP Address Relay
This signature detects attempts to exploit a known vulnerability in the Microsoft SMTP Service in Microsoft IIS. Versions 4.0 and 5.0 are vulnerable. A maliciously crafted "rcpt to:" command can circumvent e-mail relaying rules. Attackers can impersonate trusted e-mails or send spam anonymously.
Extended Description
Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability. The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. It has been recently reported that this vulnerability also affects the SMTP service included with Microsoft IIS 4.0 and 5.0. There exists no patch for the IIS SMTP service.
Affected Products
Microsoft exchange_server
Short Name
SMTP:IIS:IIS-ENCAPS-RELAY
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Address CVE-2002-1790 Encapsulated IIS Relay SMTP bid:5213
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0