Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:658 |
Message | SMTP exchange mime DOS |
Summary | This event is generated when a denial of service is attempted on a Microsoft Exchange mail server. |
Impact | Denial of service. This will cause the Exchange server to fail. |
Detailed Information | A vulnerability exists in Microsoft Exchange 5.5 that causes a denial of service if a MIME header contains the string 'charset = ""'. The Exchange server does not properly handle this MIME header string, causing it to crash. |
Affected Systems | Microsoft Exchange server 5.5 |
Attack Scenarios | An attacker can supply a malicious string in the MIME header causing the Exchange server to fail. |
Ease of Attack | Easy. An attacker can telnet to port 25 of the Exchange server, start a dialogue with the server, and supply the malicious string in the MIME header. |
Corrective Action | Apply the appropriate patch or upgrade to Exchange 5.5 service Pack 4. |
Additional References | Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms00-082.asp Miscellaneous: http://packetstormsecurity.nl/0011-exploits/exchange.dos.txt |
Rule References | bugtraq: 1869 cve: 2000-1006 nessus: 10558 url: www.microsoft.com/technet/security/bulletin/MS00-082.mspx |
--
DID:730983
--
http://www.aanval.com/