Skip navigation
Menu
Security

Exchange Server Subject to Denial of Service

Denial of Service in Exchange Server 5.x
Reported July 25, 1998 by Microsoft and ISS

VERSIONS AFFECTED

  • Exchange Server 5.5
  • Exchange Server 5.0 (including 5.0 Service Pack 1 and 2)

DESCRIPTION

When an intruder connects to an Exchange Server"s SMTP or NNTP port and sends certain sequences of incorrect data, an application error may occur, causing either service to stop responding. 

The problem is explained in Knowledge Base articles Q188341 and Q188369 as being related to buffer overflow conditions while parsing AUTHINFO commands.

SOLUTION

Load the proper hotfix, located in the MS FTP directory. Fixes are available for English, French, German, and Japanese.

For those who cannot load the hotfix, these attacks can be detected using the Server Monitor feature of Exchange Server Administrator, which can automatically restart the services, should they fail due to this attack.

To learn more about NT Security concerns, subscribe to NTSD

Credits
- Originally reported by ISS

Posted on The NT Shop on July 25, 1998

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024