|
|
|
 |
Vulnerability Note VU#779163Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributesOverviewMicrosoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.I. DescriptionMicrosoft Exchange 2000 contains a vulnerability in its handling of RFC2822 message headers. If an attacker connects directly to the Exchange server and submits a crafted message containing certain invalid headers, Exchange will consume all available CPU resources to process the message. Due to the way that messages are queued on the Exchange server, restarting the Exchange service or rebooting the server will not remove the message from the queue; it must be completely processed before the server can process any other requests.II. ImpactAttackers can conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.III. SolutionApply a patch from your vendorMicrosoft has released Microsoft Security Bulletin MS02-025 to address this issue. For more information, please see Systems Affected
References
This vulnerability was discovered by researchers at the Johannes Gutenberg University in Mainz, Germany. This document was written by Jeffrey P. Lanza based on information provided by Microsoft.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader