MS Security Bulletin MS02-011

Discussion in 'other security issues & news' started by Zhen-Xjell, Feb 28, 2002.

Thread Status:
Not open for further replies.
  1. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    -----BEGIN PGP SIGNED MESSAGE-----

    - ----------------------------------------------------------------------
    Title:      Authentication Flaw Could Allow Unauthorized Users To
               Authenticate To SMTP Service
    Date:       27 February 2002
    Software:   Microsoft Windows 2000; Microsoft Exchange Server 5.5
    Impact:     Mail Relaying
    Max Risk:   Low
    Bulletin:   MS02-011

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/security/bulletin/MS02-011.asp.
    - ----------------------------------------------------------------------

    Issue:
    ======
    An SMTP service installs by default as part of Windows 2000 server
    products and as part of the Internet Mail Connector (IMC) for
    Microsoft Exchange Server 5.5. (The IMC, also known as the
    Microsoft Exchange Internet Mail Service, provides access and
    message exchange to and from any system that uses SMTP). A
    vulnerability results in both services because of a flaw in the
    way they handle a valid response from the NTLM authentication
    layer of the underlying operating system.

    By design, the Windows 2000 SMTP service and the
    Exchange Server 5.5 IMC, upon receiving notification from
    the NTLM authentication layer that a user has been authenticated,
    should perform additional checks before granting the user access
    to the service. The vulnerability results because the affected
    services don't perform this additional checking correctly. In
    some cases, this could result in the SMTP service granting access
    to a user solely on the basis of their ability to successfully
    authenticate to the server.

    An attacker who exploited the vulnerability could gain only
    user-level privileges on the SMTP service, thereby enabling the
    attacker to use the service but not to administer it. The most
    likely purpose in exploiting the vulnerability would be to
    perform mail relaying via the server.

    Mitigating Factors:
    ====================
    - Exchange 2000 servers are not affected by the vulnerability
      because they correctly handle the authentication process to the
      SMTP service.

    - The vulnerability would not enable the attacker to read other
      users' email, nor to send mail as other users.

    - Best practices recommend disabling unneeded services. If the
      SMTP service has been disabled, the mail relaying vulnerability
      could not be exploited.

    - The vulnerability would not grant administrative privileges to
      the service, nor would it grant the attacker the ability to run
      programs or operating system commands.

    Risk Rating:
    ============
    - Internet systems: Low
    - Intranet systems: Low
    - Client systems: Low

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
      Security Bulletin at
      http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
      for information on obtaining this patch.

    Acknowledgment:
    ===============
    - BindView's RAZOR Team (http://razor.bindview.com)

    - ---------------------------------------------------------------------

    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
    PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
    ALL
    WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
    IN NO EVENT
    SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
    DAMAGES
    WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
    LOSS OF
    BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
    ITS
    SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
    STATES DO
    NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
    OR
    INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1

    iQEVAwUBPH2VYI0ZSRQxA/UrAQFMsgf/ZoP5yg1R1qEQTDWhSJo07zG8Yg9fhKxt
    UEWddDF4x+M8Mr7YQnYX+LMRjh35ptwbixIG/qrmr0AiaxwdrXFI2zI88FhN0WSa
    nioVlHom2Q4hOOhK3lf7aLobo5I9qnEs9+ioOUIQtxzsMdl9CbyV8mhNfq8xPLqe
    Sq7W26hNtz6IrHAS+AB4ccq8a9xmp5LQOUvAeKCmuMElX4IMjJkLGp0jhUTpHyoF
    2RAqvrTriCmM33GMohQ1sR1YAhca5NqsK8p8Cw0iVLNzeIqIpKLhDjGdxHVBKxut
    jAQGst+rQTeLhMr0YIXZ6E8QXckSuft+22PKxG0HBcpCm0c5e55dog==
    =9GZH
    -----END PGP SIGNATURE-----


    *******************************************************************

    You have received this e-mail bulletin as a result of your subscription to the Microsoft Product Security Notification   Service.  For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.

    To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.

    To cancel your subscription, click on the following link mailto:1_26426_1E81A08D-A2CD-4E10-8D7F-16D1039270F8_US@Newsletters.Microsoft.com?subject=UNSUBSCRIBE to create an unsubscribe e-mail.

    To stop all e-mail newsletters from microsoft.com, click on the following link mailto:2_26426_1E81A08D-A2CD-4E10-8D7F-16D1039270F8_US@Newsletters.Microsoft.com?subject=STOPMAIL to create an unsubscribe e-mail.  You can manage all your Microsoft.com communication preferences from http://www.microsoft.com/misc/unsubscribe.htm

    For security-related information about Microsoft products, please  visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.
     
Loading...
Thread Status:
Not open for further replies.