Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  DoS против Exchange

  Security Bulletin (MS00-082)

  Re: Possible Exchange 5.5 Server DoS

  Possible Exchange 5.5 Server DoS

From:MICROSOFT <secure_(at)_microsoft.com>
Date:21.09.2000
Subject:RE: Re[3]: Possible Exchange 5.5 Server DoS [msrc 421]

Hello 3APA3A,

Thanks again for your note. Due to the timeframe of Exchange SP4 we will
including a fix for this issue in that Service Pack.

If you want any future status on this issue please refer to MSRC 421.

Regards,
Secure@Microsoft.com

-----Original Message-----
From: 3APA3A [mailto:3APA3A@SECURITY.NNOV.RU]
Sent: Thursday, September 14, 2000 9:22 AM
To: Microsoft Security Response Center
Subject: Re[3]: Possible Exchange 5.5 Server DoS [msrch-au]


Hello Microsoft,

I didn't tested it yet, but according to Bugtraq post the problem here
is  that Exchange server can be crashed by malicious mail. Mail should
be very easy, for example:


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

From: 3APA3A <3APA3A@security.nnov.ru>
To: Microsoft Security Response Center <secure@microsoft.com>
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/mixed;
       boundary = ""

This is a multi-part message in MIME format.
--
Content-Type: text/plain;
       charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This test message should crash Exchange

--
Content-Type: text/plain;
       charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This test message should crash Exchange


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exchange crashes then parsing message because of
       boundary = ""

If you can point me any of your Exchange 5.5 servers with SMTP enabled
I can try to crash it remotely.
       
Thursday, September 14, 2000, 6:25:36 PM, you wrote:

MSRC> Hello 3APA3A,

MSRC> Thanks for your note. Not sure what action we need to take here, but
we
MSRC> appreciate the information you included. There was a KB article that
we also
MSRC> forwarded to Christer.

MSRC>
http://support.microsoft.com/support/kb/articles/Q183/5/98.ASP?LN=EN-US&SD=g

MSRC> n&FR=1

MSRC> We also told him to work with PSS if he needs to isolate the problem
MSRC> further.

MSRC> Regards,
MSRC> Secure@Microsoft.com

MSRC> -----Original Message-----
MSRC> From: 3APA3A [mailto:3APA3A@SECURITY.NNOV.RU]
MSRC> Sent: Thursday, September 14, 2000 5:55 AM
MSRC> To: Microsoft Security Response Center
MSRC> Subject: Fwd: Re: Possible Exchange 5.5 Server DoS




MSRC> This is a forwarded message
MSRC> From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
MSRC> To: Christer Enberg <chribba@DEO.COM>
MSRC> Date: Thursday, September 14, 2000, 4:48:50 PM
MSRC> Subject: Possible Exchange 5.5 Server DoS

MSRC> ===8<==============Original message text===============
MSRC> Hello Christer Enberg,

MSRC> 12.09.2000 10:30, you wrote: Possible Exchange 5.5 Server DoS;
C>> queues and then restart exchange.

C>> It seems that the attachment line is the problem, by removing the
MSRC> attachment
C>> and sending the mail nothing happens.

MSRC> The problem is probably in Content-Type: field

MSRC> Content-Type: multipart/mixed;
MSRC>         boundary = ""

MSRC> As  you  can  see  boundary (delimeter between MIME parts) is declared
MSRC> empty.

MSRC> It  seems  Exchange  crashes  then  it tries to locate end of the part
MSRC> (every part must begin with "--" + boundary and end with boundary.


MSRC> /3APA3A



--
/3APA3A
Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его
прочитать. (Твен)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod