FORWARDED FROM A ROOTSHELL BULLETIN 02. Microsoft responds to bug in Exchange Server ------------------------------------------------ http://www.microsoft.com/exchange/guide/papers/smtp.asp?A=2B=6 SMTP Denial of Service Attack for Exchange Server 4.0 and 5.0 January, 1998 Microsoft has provided this market bulletin to help make customers aware of an issue with Exchange Server 4.0 and 5.0, which, although fixed in a service pack last year, has recently been discussed in various Internet forums. This issue does not effect Exchange Server 5.5. This issue involves a denial of service attack that can potentially be used by someone with malicious intent to crash Microsoft® Exchange Server 4.0 and 5.0 machines. In some cases, this attack could also allow the execution of arbitrary code from the stack. This problem was fixed last year with the release of Service Pack 1 for Exchange 5.0. This bulletin provides additional information including instructions on how to obtain these fixes. (see their web site for additional information) ---------------------------------------------------------------------- "this attack could also allow the execution of arbitrary code from the stack" I sure am glad that I am not running Exchange. ---------------------------------------------------------------------- bagelat_private --Tony Hagale +------------------------------------------------------------------------+ |- Strake Jesuit Network Admin |- http://www.neosoft.com/~bagel |- bagel on EFNet IRC |- ICQ UIN: 3568586 |- finger tonyat_private for PGP key |- finger bagelat_private for geekcode +-------------------------------------------------------------------------+
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:07 PDT