Signature Detail
Short Name |
SMTP:IIS:IIS-ENCAPS-RELAY |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMTP |
Keywords |
IIS Encapsulated SMTP Address Relay |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: IIS Encapsulated SMTP Address Relay
This signature detects attempts to exploit a known vulnerability in the Microsoft SMTP Service in Microsoft IIS. Versions 4.0 and 5.0 are vulnerable. A maliciously crafted "rcpt to:" command can circumvent e-mail relaying rules. Attackers can impersonate trusted e-mails or send spam anonymously.
Extended Description
Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability. The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. It has been recently reported that this vulnerability also affects the SMTP service included with Microsoft IIS 4.0 and 5.0. There exists no patch for the IIS SMTP service.
Affected Products
- Microsoft Exchange Server 5.5
- Microsoft Exchange Server 5.5 SP1
- Microsoft Exchange Server 5.5 SP2
- Microsoft IIS 4.0
- Microsoft IIS 5.0
References