Microsoft Security Bulletin MS02-037

News of 25 July 02 Author: Steve3000
Server Response To SMTP Client EHLO Command Results In Buffer Overrun (Q326322)

Date: 24 July 2002
Software: Microsoft Exchange 5.5
Impact: Ability to run arbitrary code
Risk: Medium
Bulletin: MS02-037

Issue:
======
Technical description:

The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following:

250-Hello

Where:

is the fully-qualified domain name (FQDN) of the Exchange server

is either the FQDN or the IP address of the server that initiated the connection. The FQDN would be used if the Exchange 5.5 IMC is able to resolve this information through a reverse DNS lookup; the IP address would be used if a reverse DNS lookup was not possible or failed to resolve the connecting server's IP address.

A security vulnerability results because of an unchecked buffer in the IMC code that generates the response to the EHLO protocol command. If the total length of the message exceeds a particular value, the data would overrun the buffer. If the buffer were overrun with random data, it would result in the failure of the IMC. If, however, the buffer were overrun with carefully chosen data, it could be possible for the attacker to run code in the security context of the IMC, which runs as Exchange 5.5 Service Account.

It is important to note that the attacker could not simply send data to the IMC in order to overrun the buffer. Instead, the attacker would need to create a set of conditions that would cause the IMC to overrun its own buffer when it generated the EHLO response. Specifically, the attacker would need to ensure that a reverse DNS lookup would not only succeed, but would provide an FQDN whose length was sufficient to result in the buffer overrun.
----------------------------------
Another patch aimed at IT professionals and of little interest to the HOME user. Click INFO for the bulletin, or DOWNLOAD to get the patch, which is available in English only.
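The bulletin's root cause is a reply built from a reverse-DNS name without a length check. The following C sketch is an added example, not Microsoft's or Exchange's code: it shows how a server can treat the PTR result as untrusted input and bound the EHLO reply. The reply layout, function names, size limits chosen and sample hostnames are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_FQDN  253  /* conservative cap on a DNS name in text form */
#define MAX_LABEL 63   /* DNS label limit (RFC 1035) */
#define REPLY_MAX 512  /* SMTP reply line limit incl. CRLF (RFC 5321) */

/* Accept only bounded names made of letters, digits, '-' and '.'.
 * The reverse-DNS answer is controlled by whoever owns the PTR zone. */
static int valid_fqdn(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > MAX_FQDN) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0) return 0;          /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > MAX_LABEL) return 0; /* oversized label */
        } else {
            return 0;                          /* CR, LF, space, etc. */
        }
    }
    return 1;
}

/* Assumed layout "250-<server> Hello <peer>\r\n"; uses peer_ip when the PTR
 * name is missing or invalid. Returns reply length, or -1 if it cannot fit. */
int build_ehlo_reply(char *out, size_t outlen, const char *server_fqdn,
                     const char *ptr_name, const char *peer_ip)
{
    const char *peer = (ptr_name && valid_fqdn(ptr_name)) ? ptr_name : peer_ip;
    int n = snprintf(out, outlen, "250-%s Hello %s\r\n", server_fqdn, peer);
    if (n < 0 || (size_t)n >= outlen) {        /* truncated: refuse, never overrun */
        if (outlen > 0) out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char reply[REPLY_MAX];                     /* constructed sample names */
    if (build_ehlo_reply(reply, sizeof reply, "mail.example.com",
                         "relay.example.net", "192.0.2.10") > 0)
        fputs(reply, stdout);
    return 0;
}
```

The two checks are independent: the name validation rejects oversized or malformed PTR answers, and the `snprintf` return check still refuses a reply that would not fit even when both names are individually valid.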


Category: Security
