Denial of Service in Exchange Server 5.x
Reported July 25, 1998 by Microsoft and ISS

VERSIONS AFFECTED

  • Exchange Server 5.5
  • Exchange Server 5.0 (including 5.0 Service Pack 1 and 2)

DESCRIPTION

When an intruder connects to an Exchange Server"s SMTP or NNTP port and sends certain sequences of incorrect data, an application error may occur, causing either service to stop responding. 

The problem is explained in Knowledge Base articles Q188341 and Q188369 as being related to buffer overflow conditions while parsing AUTHINFO commands.

SOLUTION

Load the proper hotfix, located in the MS FTP directory. Fixes are available for English, French, German, and Japanese.

For those who cannot load the hotfix, these attacks can be detected using the Server Monitor feature of Exchange Server Administrator, which can automatically restart the services, should they fail due to this attack.

To learn more about NT Security concerns, subscribe to NTSD

Credits
- Originally reported by ISS

Posted on The NT Shop on July 25, 1998