[16749] in bugtraq
Possible Exchange 5.5 Server DoS
daemon@ATHENA.MIT.EDU (Christer Enberg)
Wed Sep 13 13:07:53 2000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C01C82.FD453310"
Message-Id: <F1219E765B7FD311889900E01898B1D03E2480@EXECUTOR>
Date: Tue, 12 Sep 2000 08:30:48 +0200
Reply-To: Christer Enberg <chribba@DEO.COM>
From: Christer Enberg <chribba@DEO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C01C82.FD453310
Content-Type: text/plain;
charset="windows-1252"
<<exerror.zip>>
This happend early this morning on one of our mailservers running Exchange
5.5 on WinNT4 OP5.
Suddenly the Information Store (STORE.EXE) crashed with a strange error
saying something in the way of
"Error while processing an email message", restarting both the server and
all of Exchange's components
has no effect at all. The only way of solving this problem as I discovered
is to shut down all Exchange Services
and Totally remove the content of the IMCDATA directory containing the mail
queues and then restart exchange.
It seems that the attachment line is the problem, by removing the attachment
and sending the mail nothing happens.
Anyone know of some more information about this "DoS" attack or how it can
be prevented,
I have not seen any off things in the mail that would bring an Exchange
server to a stop.
This message has been sent to Microsoft who has not yet given any answer.
Regards,
____________________________________________
christer.enberg@deo.com
system administrator / computer technician
wallingatan 11, 111 60 Stockholm
tel +46 8 412 41 19, fax +46 8 412 41 79
mob +46 733 73 33 19 www.deo.com
------_=_NextPart_000_01C01C82.FD453310
Content-Type: application/octet-stream;
name="exerror.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="exerror.zip"
UEsDBBQAAgAIAIBtKylhoP2jjAYAADgNAAALAAAAZXhlcnJvci50eHSVVl1zqkgarr1cq7zcve45
NRc5dUYOoOSImZw6URFxo1FREba2tpqPQCtfA62iv37eVpOg2cnOQEjopt+P532etztOkBHbxuih
2+DGfaVrcerTAv3qnKZ/FEXBxZvvCCHnfq7f4Xt0l94vl8u78F5ZKp357GnK87wsCAIv3erGQDYF
c4JO19/gaZ//Xl//gOefpfFFQCeJvr9+UXaP+dRzPLL13BZ6zpIIndeim8uk/y3IIifcNjmB54r/
fEb2HhXnizu7RTtCA6QPZ2N0MyROluTJM0VK4QQ49j2kxdTLYo+iISYh0r1sSxwPLbwsJ0mMJE7i
xFuJ50Thc7Xyd+KiF8B3aJjEvyBBAJsUiVARJIgt6bYlfkNfeBhXK1cQnpQhpJNuIB66CRMHh0GS
U4AgfuN4uIVT/m9fbpoc3F+Pvz+fYChHHJDGsF4f17ttc9wXeWU0Q89Jhn7FbkTiH68Ovt+hXkZ+
QbyA8tcc66260OIbUAtlhrr67DPLk26yuDbGNGi9Z6VaGXp5jn2vpnVbLEbj5zTAeYQ5ka95MeVk
ocnfStwmz25l6cc5odjb5YyB2pkMqDB4WtZYlb2sBcU7kDDEqMFJ6MYgsSzdIQ1y6WLqtV5Lm5dL
+60lNqqVHpSyhTpnOVyLtlqZJS10BaFa0Tf2ynNoC828nAIgbajUzhS3kMABV50EdBDT2myfQvxo
E1KS4ox+jUjhuXdAvZ1sYhdne3SPPn2CMAHJEfzg09oaW4yiU6EQiRELwUiJMOWqlVrtOgL1Cvo1
DTGJmXPQYpZ79P4TyZNasynJNeFTySLDcf7sZTUldhKXxH4LfbMJ4CinQQHZawI0wJRN2x6shirG
lClrfKQNiRyPFKb6NCO5xz4Ap8zZA/EDijSU8cVPP7GJ/5YujFzUQBwqSnd5UFrKTN8jxmkaEgdT
qPnXxKEereU083DE8Mc48u4xlJhyAY3CD6HbOPduG29LuiRPk5zQI5eYUuwEEcwzt8+gtXeuq5Wx
EvC2sfvSnSRNXV0EVrcx6qyKOV5Oc2sG71GP2PUFz74/CtPUVYtw7PP/GndkzTJ66+O7Mtha/bVf
rUzW7soWi62z4okmWtHxJhrzDl53waPO+ws1CLX+NDCjItTU8KCp0tbttCO7PqDmcspbxsS3o3BV
rVhGIWnqIDTFnuCIc98RZWrpbeJEct0RF3tn316ZhrSx6xMfR3Jqk3ZqG73YWg59bDR8V4Xc1blv
iou8WrH7bNaE2SB0IphdDiB+b+Pp7QTe15o6Cpx4kJqGC/kNQre/2NvxyZOpt+fTTsOH/I9YoOJQ
I9MY5JBPBzJfW0tN1lYPRFNGoa0WM0ftrbAhxWNd22mk3QUs+VztrS013FgHngw7ms9q15kV82rF
WUGl/fVg3JuutZ6bWv1pApZ7tgpYSS0x4Nl4pGtfoPLzI0vv1x+GK5NUK5oShNhwE7cLcVZzMl7t
tgt1wjIfsHhWp73ExpTHx+9r8tF6QHptcZg0ABGwH8a4PwHUmqCtGkwd6xMisO4fOWf57Y9zk3UT
PIJCFmK4dlWfWe0uvSj8hZezxdv64X5ELqpRVCujzof12D/plxYfrYdegAqOuv5FPUbd+R7y1O26
yzjdsDUsT90QYq032pvAJTaEwBIXh0fx1CuOGgTAqSgEy8PgediRfnNUB7wOtk40DVlvXPHKj2Ya
KfN4ykIKbGMua9CBoF7wC3m0bVarkCl2RE39Yf8ImivzxdCd1dR8YeGaQdj0j0oto/zL1eeHswlE
LkAhtuH48/pgNdYHL/23hd7YurCHYAP6IRqFVk/mbaG5wXE7BhxXPfOWCXDKciFlvWkijJ9MQwgh
AuwbsuB2FbDq5czCVsPV1JDgmUBvN2/LOEC975Bo0qXuJteqYNb7l94sdyZ01ke92fn/vXmJdLia
/MXenPwh19BZZba7f6TQ8LCsj1I7cnNrIe/wMgjtnhzDvrixxDB6URggBbY/6NX3eX8QEf7X+RMx
LyO+7/YXXqFP3xT6ZayE1Nq3Z040hE4JKdu9nb2cOoJ8YPuvrS6eHTVswP77zKI9RsAIeJ4YBfNK
Ljm93i/+R098GLFa+TMx33d6iePSDg/qLamRzR5PHHYqw5idyJrO04kx3ZrRPJmTta+fqj5z+2EO
3ZUsFD7VlGkAJyF4M5cPBewX/lRp+rO1PNeUhaIvJnDGLzagOwVO32Bm9HZah6fniB1bnEov572r
Cjl7f4Drd1BLAQIUABQAAgAIAIBtKylhoP2jjAYAADgNAAALAAAAAAAAAAAAIAAAAAAAAABleGVy
cm9yLnR4dFBLBQYAAAAAAQABADkAAAC1BgAAAAA=
------_=_NextPart_000_01C01C82.FD453310--
