Microsoft Security Bulletin MS02-025

Daniel Fleshbourne on 29 May 2002 - 21:51

Thanks cheekymonkey & Andrew Hodes

Title: Malformed Mail Attribute can Cause Exchange 2000 to
Exhaust CPU Resources (Q320436)
Date: 29 May 2002
Software: Microsoft Exchange
Impact: Denial of Service
Max Risk: Critical
Bulletin: MS02-025


Issue:
======
To support the exchange of mail with heterogeneous systems, Exchange messages use the attributes of SMTP mail messages that are specified by RFCs 821 and 822. There is a flaw in the way Exchange 2000 handles certain malformed RFC message attributes on received mail. Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message.

News source: Microsoft Security Bulletin MS02-025
Download: Exchange 2000 Information Store Patch 5770.91


A security vulnerability results because an attacker could exploit this flaw to mount a denial of service attack. An attacker could attempt to levy an attack by connecting directly to the Exchange server and passing a raw, hand-crafted mail message with a specially malformed attribute. When the message was received and processed by the Store service, the CPU would spike to 100%. The effects of the attack would last as long as it took for the Exchange Store service to process the message. Neither restarting the service nor rebooting the server would remedy the denial of service.

Mitigating Factors:
====================
- The effect of an attack via this vulnerability would be
temporary. Once the server completed processing the
message, normal operations would resume. However, it
is not possible to halt the processing of the message
once begun, even with a reboot.

- The vulnerability does not provide any capability to
compromise data on the server or gain administrative
control over it.

- Mounting a successful attack requires the ability to pass a
hand-crafted message to the target system, most likely through
a simulated server-based connection. It is not possible to
craft a malformed message using an email client such as
Outlook or Outlook Express.

Risk Rating:
============
- Internet systems: Critical
- Intranet systems: Critical
- Client systems: None

Patch Availability:
===================
- A patch is available to fix this vulnerability.
