Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:2563
HistoryFeb 28, 2002 - 12:00 a.m.

Security Bulletin MS02-011

2002-02-2800:00:00
vulners.com
23

Title: Authentication Flaw Could Allow Unauthorized Users To
Authenticate To SMTP Service
Date: 27 February 2002
Software: Microsoft Windows 2000; Microsoft Exchange Server 5.5
Impact: Mail Relaying
Max Risk: Low
Bulletin: MS02-011

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-011.asp.


Issue:

An SMTP service installs by default as part of Windows 2000 server
products and as part of the Internet Mail Connector (IMC) for
Microsoft Exchange Server 5.5. (The IMC, also known as the
Microsoft Exchange Internet Mail Service, provides access and
message exchange to and from any system that uses SMTP). A
vulnerability results in both services because of a flaw in the
way they handle a valid response from the NTLM authentication
layer of the underlying operating system.

By design, the Windows 2000 SMTP service and the
Exchange Server 5.5 IMC, upon receiving notification from
the NTLM authentication layer that a user has been authenticated,
should perform additional checks before granting the user access
to the service. The vulnerability results because the affected
services don't perform this additional checking correctly. In
some cases, this could result in the SMTP service granting access
to a user solely on the basis of their ability to successfully
authenticate to the server.

An attacker who exploited the vulnerability could gain only
user-level privileges on the SMTP service, thereby enabling the
attacker to use the service but not to administer it. The most
likely purpose in exploiting the vulnerability would be to
perform mail relaying via the server.

Mitigating Factors:

  • Exchange 2000 servers are not affected by the vulnerability
    because they correctly handle the authentication process to the
    SMTP service.

  • The vulnerability would not enable the attacker to read other
    users' email, nor to send mail as other users.

  • Best practices recommend disabling unneeded services. If the
    SMTP service has been disabled, the mail relaying vulnerability
    could not be exploited.

  • The vulnerability would not grant administrative privileges to
    the service, nor would it grant the attacker the ability to run
    programs or operating system commands.

Risk Rating:

  • Internet systems: Low
  • Intranet systems: Low
  • Client systems: Low

Patch Availability:

Acknowledgment:


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.