Hello 3APA3A,
Thanks again for your note. Due to the timeframe of Exchange SP4 we will
including a fix for this issue in that Service Pack.
If you want any future status on this issue please refer to MSRC 421.
Regards,
[email protected]
-----Original Message-----
From: 3APA3A [mailto:[email protected]]
Sent: Thursday, September 14, 2000 9:22 AM
To: Microsoft Security Response Center
Subject: Re[3]: Possible Exchange 5.5 Server DoS [msrch-au]
Hello Microsoft,
I didn't tested it yet, but according to Bugtraq post the problem here
is that Exchange server can be crashed by malicious mail. Mail should
be very easy, for example:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: 3APA3A <[email protected]>
To: Microsoft Security Response Center <[email protected]>
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary = ""
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
This test message should crash Exchange
–
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
This test message should crash Exchange
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exchange crashes then parsing message because of
boundary = ""
If you can point me any of your Exchange 5.5 servers with SMTP enabled
I can try to crash it remotely.
Thursday, September 14, 2000, 6:25:36 PM, you wrote:
MSRC> Hello 3APA3A,
MSRC> Thanks for your note. Not sure what action we need to take here, but
we
MSRC> appreciate the information you included. There was a KB article that
we also
MSRC> forwarded to Christer.
MSRC>
http://support.microsoft.com/support/kb/articles/Q183/5/98.ASP?LN=EN-US&SD=g
MSRC> n&FR=1
MSRC> We also told him to work with PSS if he needs to isolate the problem
MSRC> further.
MSRC> Regards,
MSRC> [email protected]
MSRC> -----Original Message-----
MSRC> From: 3APA3A [mailto:[email protected]]
MSRC> Sent: Thursday, September 14, 2000 5:55 AM
MSRC> To: Microsoft Security Response Center
MSRC> Subject: Fwd: Re: Possible Exchange 5.5 Server DoS
MSRC> This is a forwarded message
MSRC> From: 3APA3A <[email protected]>
MSRC> To: Christer Enberg <[email protected]>
MSRC> Date: Thursday, September 14, 2000, 4:48:50 PM
MSRC> Subject: Possible Exchange 5.5 Server DoS
MSRC> ===8<==============Original message text===============
MSRC> Hello Christer Enberg,
MSRC> 12.09.2000 10:30, you wrote: Possible Exchange 5.5 Server DoS;
C>> queues and then restart exchange.
C>> It seems that the attachment line is the problem, by removing the
MSRC> attachment
C>> and sending the mail nothing happens.
MSRC> The problem is probably in Content-Type: field
MSRC> Content-Type: multipart/mixed;
MSRC> boundary = ""
MSRC> As you can see boundary (delimeter between MIME parts) is declared
MSRC> empty.
MSRC> It seems Exchange crashes then it tries to locate end of the part
MSRC> (every part must begin with "–" + boundary and end with boundary.
MSRC> /3APA3A
–
/3APA3A
Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его
прочитать. (Твен)