RE: Fw: Microsoft Security Bulletin MS02-025:Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPUResources (Q320436)
- From: "John Nguyen" <JGNGUYEN@xxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 30 May 2002 11:42:00 -0400
I applied the hotfix this morning, did get some "service not started"
error when the hot fix was installing but after reboot all services came
up fine.
-----Original Message-----
From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
Sent: Thursday, May 30, 2002 11:04 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Fw: Microsoft Security Bulletin
MS02-025:Malformed Mail Attribute can Cause Exchange 2000 to Exhaust
CPUResources (Q320436)
http://www.MSExchange.org/ - Re-Vamped!
Has anyone applied this hotfix. Did you notice any problems after the
hotfix is applied. I just want to confirm before applying the hotfix.
Regards,
Raj
-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Wednesday, May 29, 2002 3:41 PM
To: [ExchangeList]
Subject: [exchangelist] Fw: Microsoft Security Bulletin MS02-025:
Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU
Resources (Q320436)
http://www.MSExchange.org/ - Re-Vamped!
> Title: Malformed Mail Attribute can Cause Exchange 2000 to
> Exhaust CPU Resources (Q320436)
> Date: 29 May 2002
> Software: Microsoft Exchange
> Impact: Denial of Service
> Max Risk: Critical
> Bulletin: MS02-025
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.
> -
> ----------------------------------------------------------------------
>
> Issue:
> ======
> To support the exchange of mail with heterogeneous systems, Exchange
> messages use the attributes of SMTP mail messages that are specified
> by RFC's 821 and 822. There is a flaw in the way Exchange 2000 handles
> certain malformed RFC message attributes on received mail. Upon
> receiving a message containing such a malformation, the flaw causes
> the Store service to consume 100% of the available CPU in processing
> the message.
>
> A security vulnerability results because it is possible for an
> attacker to seek to exploit this flaw and mount a denial of service
> attack. An attacker could attempt to levy an attack by connecting
> directly to the Exchange server and passing a raw, hand-crafted mail
> message with a specially malformed attribute. When the message was
> received and processed by the Store service, the CPU would spike to
> 100%. The effects of the attack would last as long as it took for the
> Exchange Store service to process the message. Neither restarting the
> service nor rebooting the server would remedy the denial of service.
>
> Mitigating Factors:
> ====================
> - The effect of an attack via this vulnerability would be
> temporary. Once the server completed processing the
> message, normal operations would resume. However, it
> is not possible to halt the processing of the message
> once begun, even with a reboot.
>
> - The vulnerability does not provide any capability to
> compromise data on the server or gain administrative
> control over it.
>
> - Mounting a successful attack requires the ability to pass a
> hand-crafted message to the target system, most likely through
> a simulated server-based connection. It is not possible to
> craft a malformed message using an email client such as
> Outlook or Outlook Express.
>
> Risk Rating:
> ============
> - Internet systems: Critical
> - Intranet systems: Critical
> - Client systems: None
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - Mr. Allendoerfer (allendoerfer@xxxxxxxxxxxx);
> Mr. Koenig (koenig@xxxxxxxxxxxx);
> Mr. Kraemer (kraemer@xxxxxxxxxxxx);
> Mr. Schaal (schaal@xxxxxxxxxxxx);
> Mr. Tacke (tacke@xxxxxxxxxxxx) of the Computing Center,
> Johannes Gutenberg University Mainz, Germany
> -
> ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
> "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
> IN NO EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
> DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
> LOSS OF
> BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
> ITS
> SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
> STATES DO
> NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
> OR
> INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQEVAwUBPPUZCI0ZSRQxA/UrAQHOdwgArEHNVboO1OjPt3cRNzxY1P3sgD8ajB0F
> mxmy4xbSCcwfMKPdUztFsup8LmzHEYxlYHjo1lS8RiptQEqONHZuhehUlbu8B82u
> 3ZU0aaQxnORLH9mpBTftTrJIebEog4bPDL+A9DxhSBRnsJvgHBKPYUqyx+6fky0J
> h+acANXiCXHvwfcvnOyp3eMCM5kkqGraZ1A6STtJUUItUhTRkHN7VveMu/a4BuT2
> vyVLsbHWRlfuBgb4ocjkRN8XUd4bZXXIomSEVn6yyOsJCTVamn4ALGWTI71sQ5EI
> 0QEPnxhrypkM/ujYxIpo5TGdhmiKyooU9zSrHsEGDUeYC/bLzcah/Q==
> =g7N5
> -----END PGP SIGNATURE-----
>
>
> *******************************************************************
>
> You have received this e-mail bulletin because of your subscription to
> the
Microsoft Product Security Notification Service. For more information
on this service, please visit
http://www.microsoft.com/technet/security/notify.asp.
>
> To verify the digital signature on this bulletin, please download our
> PGP
key at http://www.microsoft.com/technet/security/notify.asp.
>
> To unsubscribe from the Microsoft Security Notification Service,
> please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp
>
> If you do not wish to use Microsoft Passport, you can unsubscribe from
> the
Microsoft Security Notification Service via email as described below:
> Send an email to unsubscribe to the Service by following these steps:
> a. Send an e-mail to securrem@xxxxxxxxxxxxxx The subject line and the
message body are not used to process the subscription request, and can
be anything you like.
> b. Send the e-mail.
> c. You will receive a response, asking you to verify that you really
> want
to cancel your subscription. Compose a reply, and put "OK" in the
message body. (Without the quotes). Send the reply.
> d. You will receive an e-mail telling you that your name has been
> removed
from the subscriber list.
>
> For security-related information about Microsoft products, please
> visit
the Microsoft Security Advisor web site at
http://www.microsoft.com/security.
>
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
psraj@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
jgnguyen@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
The preceding e-mail message (including any attachments) contains information
that may be
confidential or constitute non-public information. It is intended to be
conveyed only to the
designated recipient(s). If you are not an intended recipient of this message,
please notify
the sender by replying to this message and then delete it from your system.
Use,
dissemination, distribution, or reproduction of this message by unintended
recipients is not
authorized and may be unlawful.
Other related posts:
- » RE: Fw: Microsoft Security Bulletin MS02-025:Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPUResources (Q320436)
