Thread-topic: iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000IMAP Literal Processing DoS Vulnerability
>
> Microsoft Exchange Server 2000 IMAP Literal Processing DoS
> Vulnerability
>
> iDefense Security Advisory 05.08.07
>
> May 08, 2007
>
> I. BACKGROUND
>
> Microsoft Exchange Server 2000 is a messaging product developed by
> Microsoft, part of the Windows Server System line of server products.
> More information about it can be found at the following URL.
>
>
> ault.mspx
>
> II. DESCRIPTION
>
> Remote exploitation of an integer overflow vulnerability in the IMAP
> service of Microsoft Exchange 2000 could allow a remote attacker to
> crash all running Exchange services and other services in the same
> process.
>
> The vulnerability specifically exists in code responsible for
> reading of
> literals in the IMAP4 service. When the IMAP4 service encounters a
> specially crafted literal, it fails to properly process it. An access
> violation occurs causing an unhandled exception that terminates the
> process.
>
> III. ANALYSIS
>
> Exploitation of this vulnerability allows an attacker to cause the
> affected server to restart or potentially require data to be
> reinstalled from backup.
>
> As the Exchange server may run in the same process space as many other
> servers, crashing the IMAP4 component will also cause the SMTP, POP3,
> WWW and FTP services, if enabled, to exit. In order to exploit this
> vulnerability, the attacker must have access to establish a
> TCP session
> with the IMAP4 service.
>
> IV. DETECTION
>
> iDefense confirmed the existence of this vulnerability in Microsoft
> Exchange
> 2000 with Service Pack 3.
>
> V. WORKAROUND
>
> iDefense is not currently aware of any effective workarounds for this
> vulnerability. Consider applying network access controls on this
> service.
>
> VI. VENDOR RESPONSE
>
> Microsoft has addressed this vulnerability within MS07-026. For more
> information, consult their bulletin at the following URL.
>
>
>
> VII. CVE INFORMATION
>
> The Common Vulnerabilities and Exposures (CVE) project has
> assigned the
> name CVE-2007-0221 to this issue. This is a candidate for inclusion in
> the CVE list (), which standardizes names for
> security problems.
>
> VIII. DISCLOSURE TIMELINE
>
> 01/10/2007 Initial vendor notification
> 01/22/2007 Initial vendor response
> 05/08/2007 Coordinated public disclosure
>
> IX. CREDIT
>
> This vulnerability was reported to iDefense by Joxean Koret.
>
> Get paid for vulnerability research
>
>
> Free tools, research and upcoming events
>
>
> X. LEGAL NOTICES
>
> Copyright (c) 2007 iDefense, Inc.
>
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than electronically,
> please e-mail customerservice@xxxxxxxxxxxx for permission.
>
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available
> information. Use
> of the information constitutes acceptance for use in an AS IS
> condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any direct,
> indirect, or consequential loss or damage arising from use of, or
> reliance on, this information.
> _______________________________________________
> To unsubscribe, go here:
>
>
