Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2253 |
Message | SMTP XEXCH50 overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Exchange Server. |
Impact | Serious. Possible execution of arbitrary code and Denial of Service (DoS). |
Detailed Information | A vulnerability exists in versions of Microsoft Exchange Server such that it is possible for an attacker to execute arbitrary code or cause a DoS condition on the server without the need for prior authentication as a valid user. It is possible for an attacker to connect to the Exchange server on port 25 and send an extended verb request to the server that will cause a large amount of memory to be allocated. In Exchange Server 5.5 this may cause a DoS, whilst in Exchange Server 2000 this same condition could present the attacker with an opportunity to execute arbitrary code. |
Affected Systems | MIcrosoft Exchange Server 5.5 Microsoft Exchange Server 2000 |
Attack Scenarios | The attacker can connect to port 25 of the server and send a specially crafted verb request. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. Apply the appropriate vendor supplied patches. |
Additional References | Microsoft Corp. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-046.asp CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0714 |
Rule References | bugtraq: 8838 cve: 2003-0714 nessus: 11889 url: www.microsoft.com/technet/security/bulletin/MS03-046.mspx |
--
DID:490189
--
http://www.aanval.com/