Authentication Vulnerability in SMTP of Microsoft Windows 2000 and Exchange Server 5.5

Reported February 27, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Windows 2000

·         Exchange Server 5.5

 

DESCRIPTION
A vulnerability exists in the way that the SMTP service handles a valid response from the OS's NT LAN Manager (NTLM) authentication layer. An attacker can use this vulnerability to gain user-level privileges on the SMTP service.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-011, which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch at the URL listed in Security Bulletin MS02-011.

 

CREDIT
Discovered by Bindview's Razor team.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish