RE: Fw: Microsoft Security Bulletin MS02-025: Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources (Q320436)
- From: "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 30 May 2002 11:04:29 -0400
Has anyone applied this hotfix? Did you notice any problems after the
hotfix was applied? I just want to confirm before applying the hotfix.
Regards,
Raj
-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Wednesday, May 29, 2002 3:41 PM
To: [ExchangeList]
Subject: [exchangelist] Fw: Microsoft Security Bulletin MS02-025:
Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU
Resources (Q320436)
> Title: Malformed Mail Attribute can Cause Exchange 2000 to
> Exhaust CPU Resources (Q320436)
> Date: 29 May 2002
> Software: Microsoft Exchange
> Impact: Denial of Service
> Max Risk: Critical
> Bulletin: MS02-025
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.
> -
> ----------------------------------------------------------------------
>
> Issue:
> ======
> To support the exchange of mail with heterogeneous systems, Exchange
> messages use the attributes of SMTP mail messages that are specified
> by RFCs 821 and 822. There is a flaw in the way Exchange 2000 handles
> certain malformed RFC message attributes on received mail. Upon
> receiving a message containing such a malformation, the flaw causes
> the Store service to consume 100% of the available CPU in processing
> the message.
>
> A security vulnerability results because it is possible for an
> attacker to seek to exploit this flaw and mount a denial of service
> attack. An attacker could attempt to levy an attack by connecting
> directly to the Exchange server and passing a raw, hand-crafted mail
> message with a specially malformed attribute. When the message was
> received and processed by the Store service, the CPU would spike to
> 100%. The effects of the attack would last as long as it took for the
> Exchange Store service to process the message. Neither restarting the
> service nor rebooting the server would remedy the denial of service.
>
> Mitigating Factors:
> ====================
> - The effect of an attack via this vulnerability would be
> temporary. Once the server completed processing the
> message, normal operations would resume. However, it
> is not possible to halt the processing of the message
> once begun, even with a reboot.
>
> - The vulnerability does not provide any capability to
> compromise data on the server or gain administrative
> control over it.
>
> - Mounting a successful attack requires the ability to pass a
> hand-crafted message to the target system, most likely through
> a simulated server-based connection. It is not possible to
> craft a malformed message using an email client such as
> Outlook or Outlook Express.
>
> Risk Rating:
> ============
> - Internet systems: Critical
> - Intranet systems: Critical
> - Client systems: None
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - Mr. Allendoerfer (allendoerfer@xxxxxxxxxxxx);
> Mr. Koenig (koenig@xxxxxxxxxxxx);
> Mr. Kraemer (kraemer@xxxxxxxxxxxx);
> Mr. Schaal (schaal@xxxxxxxxxxxx);
> Mr. Tacke (tacke@xxxxxxxxxxxx) of the Computing Center,
> Johannes Gutenberg University Mainz, Germany
> -
> ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
> "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
> MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
> OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
> OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
> CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
> NOT APPLY.
>
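A defender's check for the symptom the bulletin describes, added here as an example and not part of the bulletin or of the list post: it reads a Performance Monitor export of the Store process's % Processor Time and reports runs where the CPU stayed pegged for a minute or more, as opposed to the brief spikes a busy Store produces anyway. The sample lines, the host name EXCH01 and the 15-second sampling interval are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed Performance Monitor (PDH-CSV) export at a 15-second interval;
# column 2 is "\Process(store)\% Processor Time" (the Information Store).
SAMPLE_LOG = """\
"(PDH-CSV 4.0)","\\\\EXCH01\\Process(store)\\% Processor Time"
"05/30/2002 11:00:00.000","12.4"
"05/30/2002 11:00:15.000","99.8"
"05/30/2002 11:00:30.000","100.0"
"05/30/2002 11:00:45.000","99.9"
"05/30/2002 11:01:00.000","100.0"
"05/30/2002 11:01:15.000","100.0"
"05/30/2002 11:01:30.000","18.3"
"05/30/2002 11:01:45.000","97.2"
"05/30/2002 11:02:00.000",""
"05/30/2002 11:02:15.000","11.0"
"""
TIME_FMT = "%m/%d/%Y %H:%M:%S.%f"


def parse_samples(text):
    """Return [(timestamp, cpu_percent)] from the export, skipping the header row."""
    reader = csv.reader(io.StringIO(text))
    next(reader)
    samples = []
    for row in reader:
        if len(row) < 2 or not row[1].strip():
            continue  # PDH leaves the cell blank when a sample was missed
        samples.append((datetime.strptime(row[0], TIME_FMT), float(row[1])))
    return samples


def saturation_windows(samples, threshold=95.0, min_duration=timedelta(seconds=60)):
    """Return (start, end) spans where CPU stayed >= threshold for >= min_duration.
    Brief spikes are normal Store behaviour; a run holding for a minute or more
    matches the bulletin's "100% until the message is processed" symptom."""
    windows, start, last = [], None, None
    for ts, cpu in samples:
        if cpu >= threshold:
            start = start or ts
            last = ts
        elif start is not None:
            if last - start >= min_duration:
                windows.append((start, last))
            start = None
    if start is not None and last - start >= min_duration:
        windows.append((start, last))  # run still in progress at end of log
    return windows
```

On the sample data the single 97.2% reading is ignored and only the 11:00:15 to 11:01:15 run is reported; point `parse_samples` at a real export of the same counter to use it on a live server.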