[ISN] Mail server flaw opens Exchange to spam

From: InfoSec News (isn@private)
Date: Tue Nov 18 2003 - 23:20:29 PST

    http://news.com.com/2100-7355_3-5107904.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    November 14, 2003
    
    Administrators of e-mail systems based on Microsoft's Exchange might 
    have spammers using their servers to send unsolicited bulk e-mail 
    under their noses, a consultant warned this week. 
    
    Aaron Greenspan, a Harvard University junior and president of 
    consulting company Think Computer, published a white paper Thursday 
    detailing the problem, discovered when a client's server was found to 
    be sending spam. Greenspan's research concluded that Exchange 5.5 and 
    2000 can be used by spammers to send anonymous e-mail. He says even 
    though software Microsoft provides on its site certifies that the 
    server is secure, it's not. 
    
    "If the guest account is enabled (on Exchange 5.5 and 2000), even if 
    your login fails, you can send mail, because the guest account is 
    there as a catchall," he said. "Even if you think you've done 
    everything (to secure the server), you are still open to spammers." 
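    As an added illustration (not from the article or from Think Computer's white paper), the following detector looks for the pattern Greenspan describes in server-side SMTP logs: a session whose AUTH attempt was rejected but whose RCPT TO for a non-local domain was still accepted. The log lines and their `<session> <C|S> <text>` layout are constructed for the example and are not Exchange's real log format; the local-domain set is likewise assumed.

```python
import re
from collections import defaultdict

# Constructed sample log (format assumed: "<session-id> <C|S> <protocol text>").
# s1 fails AUTH yet gets an external recipient accepted (the catch-all relay case),
# s2 fails AUTH and is correctly refused, s3 authenticates and relays legitimately.
SAMPLE_LOG = """\
s1 C AUTH LOGIN
s1 S 535 Authentication failed
s1 C MAIL FROM:<bulk@example.net>
s1 S 250 OK
s1 C RCPT TO:<victim@example.org>
s1 S 250 OK
s2 C AUTH LOGIN
s2 S 535 Authentication failed
s2 C MAIL FROM:<bulk@example.net>
s2 S 250 OK
s2 C RCPT TO:<someone@example.org>
s2 S 550 Relaying denied
s3 C AUTH LOGIN
s3 S 235 Authentication successful
s3 C MAIL FROM:<alice@corp.example>
s3 S 250 OK
s3 C RCPT TO:<bob@example.org>
s3 S 250 OK
"""

LOCAL_DOMAINS = {"corp.example"}  # domains this server delivers for (assumed)

def find_relay_after_failed_auth(log_text, local_domains=LOCAL_DOMAINS):
    """Return session ids where AUTH failed but a non-local RCPT TO was accepted."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        sid, direction, text = line.split(" ", 2)
        sessions[sid].append((direction, text))
    flagged = []
    for sid, events in sessions.items():
        auth_failed = False
        pending_rcpt = None  # recipient domain awaiting the server's reply
        for direction, text in events:
            if direction == "S" and text.startswith("535"):
                auth_failed = True
            elif direction == "C":
                m = re.match(r"RCPT TO:<[^@>]+@([^>]+)>", text, re.I)
                pending_rcpt = m.group(1).lower() if m else None
            elif direction == "S" and pending_rcpt is not None:
                if text.startswith("250") and auth_failed and pending_rcpt not in local_domains:
                    flagged.append(sid)  # relay accepted despite failed login
                    break
                pending_rcpt = None
    return flagged
```

Run against the sample, only `s1` is reported; on a real server the same check would be fed the SMTP protocol log and the server's authoritative domains.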
    
    The guest account is a way for administrators to let visitors use a 
    mail server anonymously, but because of security issues, the feature 
    is generally not enabled. Exchange servers that had been infected by 
    the Code Red worm and subsequently cleaned will still have the guest 
    account enabled, Greenspan said. 
    
    There are dozens of messages--with subject lines such as "Open relay 
    problem" and "We are sending spam?"--on Microsoft's Exchange 
    Administration newsgroup, sent by information system managers who 
    haven't been able to staunch the flow of spam from their servers. 
    
    Microsoft, however, said the problem is relatively minor and that the 
    company hasn't had many complaints. 
    
    "This particular method of sending spam relies on specifically 
    configured servers or is leveraging weaknesses in the protocol 
    itself," the software giant said in a statement issued in response to 
    questions from CNET News.com. "The fact is that Microsoft has not 
    received a lot of calls from customers that have experienced problems 
    detailed by Think Computer." 
    
    Moreover, the company said the issue doesn't affect the latest version 
    of the software, Exchange Server 2003. 
    
    Greenspan, however, argued that the problem has accounted for a large 
    amount of unsolicited e-mail. He estimates that at least 100,000 
    messages spammers in China sent went through his client's server 
    before he stopped the problem. He added that the issue is causing 
    headaches for Exchange administrators. 
    
    "It is really inexcusable for a company that claims security is its 
    top priority," he said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Nov 19 2003 - 02:06:31 PST