A flaw in the authentication code of the SMTP service provided with Windows 2000 server and Exchange 5.5 may allow a user access to the SMTP service. This acess could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server.
As of October 2003, The CERT/CC has begun seeing reports of exploitation. It is possible that an exploit for this vulnerability exists and is being used. Microsoft Released a patch for this issue in February 2002. It is recommended that USERS of Windows 2000 server and Exchange 5.5 apply the patch provided in MS02-011. In addition to exploiting this vulnerability to cause a denial of service, it is reported that the exploit attempts to guess passwords to common accounts on the system, such as administrator and IUSR_machinename. This highlights the importance of selecting strong passwords. For more information about selecting a strong password, we recommend that users review the following section of the Home Computer Security document:
An attacker that is able to authenticate to the SMTP server may be able to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server.
Apply a Patch
Thanks to the BindView Razor team for discovering this vulnerability.
This document was written by Cory F. Cohen.
|Date First Published:||2002-09-27|
|Date Last Updated:||2003-10-09 21:21 UTC|