[6047] in bugtraq
Microsoft responds to bug in Exchange Server
daemon@ATHENA.MIT.EDU (Tony Hagale)
Wed Jan 28 19:01:34 1998
Date: Tue, 27 Jan 1998 18:10:20 -0600
Reply-To: Tony Hagale <bagel@NEOSOFT.COM>
From: Tony Hagale <bagel@NEOSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
FORWARDED FROM A ROOTSHELL BULLETIN
02. Microsoft responds to bug in Exchange Server
------------------------------------------------
http://www.microsoft.com/exchange/guide/papers/smtp.asp?A=3D2B=3D6
SMTP Denial of Service Attack for Exchange
Server 4.0 and 5.0
January, 1998
Microsoft has provided this market bulletin to help make customers awar=
e of
an issue with Exchange Server 4.0 and 5.0, which, although fixed in a
service pack last year, has recently been discussed in various Internet
forums. This issue does not effect Exchange Server 5.5.
This issue involves a denial of service attack that can potentially be =
used
by someone with malicious intent to crash Microsoft=AE Exchange Server =
4.0 and
5.0 machines. In some cases, this attack could also allow the execution=
of
arbitrary code from the stack.
This problem was fixed last year with the release of Service Pack 1 for
Exchange 5.0. This bulletin provides additional information including
instructions on how to obtain these fixes.
(see their web site for additional information)
----------------------------------------------------------------------
"this attack could also allow the execution of arbitrary code from the
stack"
I sure am glad that I am not running Exchange.
----------------------------------------------------------------------
bagel@neosoft.com
--Tony Hagale
+----------------------------------------------------------------------=
--+
|- Strake Jesuit Network Admin
|- http://www.neosoft.com/~bagel
|- bagel on EFNet IRC
|- ICQ UIN: 3568586
|- finger tony@amdg.strakejesuit.org for PGP key
|- finger bagel@starbase.neosoft.com for geekcode
+----------------------------------------------------------------------=
---+