Signature Detail
Short Name |
SMTP:EXCHANGE:MULTI-LONG-MAILRT |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
Exchange Multiple Long Mail Route Commands |
Release Date |
2005/04/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Exchange Multiple Long Mail Route Commands
This signature detects attempts to exploit a known vulnerability in Microsoft Exchange Server. Unauthenticated attackers can remotely connect to the SMTP port on an Exchange server, then issue a crafted extended verb to run malicious programs in the security context of the SMTP service. This signature should be used between your Exchange servers and the Internet and not used between trusted Exchange servers to avoid potential false-positives.
Extended Description
Microsoft Exchange Server is prone to a buffer overflow in the X-LINK2STATE SMTP extended verb. Successful exploitation could result in arbitrary code execution.
Affected Products
- Microsoft Exchange Server 2000 SP1
- Microsoft Exchange Server 2000 SP2
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2000
- Microsoft Exchange Server 2003 SP1
- Microsoft Exchange Server 2003
References
- BugTraq: 13118
- CVE: CVE-2005-0560
- URL: http://www.us-cert.gov/cas/techalerts/TA05-102A.html