Microsoft responds to bug in Exchange Server

Tony Hagale (bagel@NEOSOFT.COM)
Tue, 27 Jan 1998 18:10:20 -0600

FORWARDED FROM A ROOTSHELL BULLETIN

02. Microsoft responds to bug in Exchange Server
------------------------------------------------

http://www.microsoft.com/exchange/guide/papers/smtp.asp?A=2B=6

SMTP Denial of Service Attack for Exchange
Server 4.0 and 5.0

January, 1998

Microsoft has provided this market bulletin to help make customers aware of
an issue with Exchange Server 4.0 and 5.0, which, although fixed in a
service pack last year, has recently been discussed in various Internet
forums. This issue does not affect Exchange Server 5.5.

This issue involves a denial of service attack that can potentially be used
by someone with malicious intent to crash Microsoft® Exchange Server 4.0 and
5.0 machines. In some cases, this attack could also allow the execution of
arbitrary code from the stack.

This problem was fixed last year with the release of Service Pack 1 for
Exchange 5.0. This bulletin provides additional information including
instructions on how to obtain these fixes.

(see their web site for additional information)

----------------------------------------------------------------------

"this attack could also allow the execution of arbitrary code from the
stack"

I sure am glad that I am not running Exchange.

----------------------------------------------------------------------

bagel@neosoft.com
--Tony Hagale
+------------------------------------------------------------------------+
|- Strake Jesuit Network Admin
|- http://www.neosoft.com/~bagel
|- bagel on EFNet IRC
|- ICQ UIN: 3568586
|- finger tony@amdg.strakejesuit.org for PGP key
|- finger bagel@starbase.neosoft.com for geekcode
+-------------------------------------------------------------------------+