Re: [ISN] Microsoft Exchange hole "critical"

From: InfoSec News (isnat_private)
Date: Fri May 31 2002 - 05:08:13 PDT


    Forwarded from: Saso Virag <sviragat_private>
    In message InfoSec News writes:
    >By David Becker 
    >Staff Writer, CNET
    >May 29, 2002, 3:30 PM PT
    > Malformed messages created using RFC 821 and 822, versions of the
    > SMTP format commonly used by e-mail programs, can cause the CPU of
    > the server receiving the message to run at 100 percent as it
    > attempts to read the message.
    Funnily enough, RFC 821 defines SMTP and RFC 822 defines how an e-mail
    message must look. I wonder how e-mail servers would work if they
    didn't conform to those two - now obsoleted by RFC 2822 and 2821 -
    > The result would be a denial-of-service attack, with the affected
    > server unable to do anything until it finishes processing the
    > message.
    This seems like a far bigger issue than Exchange not properly handling
    malformed SMTP headers.
    > "Once the process starts, you can't stop it," he said, adding that
    > it could take a server anywhere from a few seconds to a few hours to
    > process a message. "The key here is that once the system gets hold
    > of that message, it's got to deal with it."
    The key issue here is that a systems administrator can't manually
    override the process and perhaps manually correct the problem. Badly
    engineered software.
    > The bulletin noted that creating such messages would require
    > specialized knowledge and software, as common e-mail clients such as
    > Outlook are incapable of creating RFC 821 or 822 content.
    :-) Common mail clients MUST be capable of creating e-mail messages
    conforming to RFC 821 and 822.
    Specialized knowledge and software? Yes, you need to read RFCs
    mentioned above and grok them. You also need to have a telnet client.
    Hardly specialized knowledge and software, is it? RFCs are public
    documents and telnet clients come with _every_ MS OS after 1995 or so.
    > "You'd have to be fairly sophisticated," Budd said. "This is not
    > something where somebody opens an e-mail client, puts a few bad
    > characters in a message, and sends it. It would basically require
    > someone to know the language of SMTP."
    Wooo. It takes spe-cia-li-zed knowledge. FUD at its best.
    > Microsoft urged system administrators to promptly patch any Exchange
    > 2000 servers.
    Patch for this particular vulnerability? How about another patch
    giving administrators means to manually take the wrench out of the
    works before it completely destroys everything?
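As an added illustration of the thread's point that RFC 822 messages are plain text and that RFC 821 is a handful of typed commands (example code, not from the post or the CNET article): a header-syntax check of the kind a mail front end can apply before a message reaches the store, next to the command sequence a client sends to deliver it. The hostname client.example, the addresses and the sample message are constructed.

```python
import re
from typing import List, Tuple

# RFC 822 section 3.1.2: a field-name is any printable US-ASCII character
# except SPACE and ':'. Anything else before the colon is a malformed field.
FIELD_NAME = re.compile(r"^[\x21-\x39\x3b-\x7e]+$")


def parse_headers(raw: bytes) -> Tuple[List[Tuple[str, str]], bytes]:
    """Split an RFC 822 message into (name, value) header pairs and the body.

    Structural violations raise ValueError, so a gateway can reject the message
    up front instead of handing it to the store for open-ended 'processing'."""
    text = raw.decode("ascii")  # RFC 822 text is 7-bit US-ASCII
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    headers: List[Tuple[str, str]] = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):  # folded continuation of the previous field
            if not headers:
                raise ValueError("continuation line before any header field")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, colon, value = line.partition(":")
        if not colon or not FIELD_NAME.match(name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return headers, body.encode("ascii")


def smtp_commands(sender: str, rcpt: str, message: bytes) -> List[str]:
    """Return the RFC 821 command sequence a client types to deliver `message`.

    Lines of the message starting with '.' are dot-stuffed (section 4.5.2) so
    the server does not mistake them for the lone '.' that ends the DATA."""
    lines = message.decode("ascii").split("\r\n")
    data = ["." + ln if ln.startswith(".") else ln for ln in lines]
    return ["HELO client.example", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>",
            "DATA", *data, ".", "QUIT"]


# Constructed sample: well-formed headers, a folded Subject, and a body line
# starting with '.' that must be dot-stuffed on the wire.
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
          b"Subject: RFC 822 is\r\n just text\r\n\r\n.hidden dot line\r\n")

if __name__ == "__main__":
    print(parse_headers(SAMPLE))
    print("\r\n".join(smtp_commands("alice@example.org", "bob@example.net", SAMPLE)))
```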