XCLN: POP and IMAP Security Issues

• Microsoft Exchange Macintosh client, versions 4.0 and 5.0
• Microsoft Exchange MS-DOS client, versions 4.0 and 5.0
• Microsoft Exchange Windows 3.x client, versions 4.0 and 5.0
• Microsoft Exchange Windows 95 client, versions 4.0 and 5.0
• Microsoft Exchange Windows NT client, versions 4.0 and 5.0

The Computer Emergency Response Team Coordination Center (CERT/CC) recently released a warning memorandum that stated that certain implementations of Post Office Protocol (POP) and Internet Mail Access Protocol (IMAP) mail were vulnerable to a "Root Level" attack from outside agents. (Agents here means users or software designed to maliciously attack a foreign server or mail system.) Microsoft Exchange Clients are not vulnerable to such attacks.

This kind of attack or security breach is only possible under certain iterations of the UNIX operating system; the problem is due to the way file and user access are offered. Because Microsoft Exchange Server is based on the Windows NT Server operating system, our products are not vulnerable to such attacks.

For more information, please go to the following URL

   www.cert.org/

   CERT* Advisory CA-97.09
   Original issue date: April 7, 1997
   Last revised: April 18, 1997

Keywords          : XCLN kbusage
Version           : WINDOWS:4.0,5.0;Win95:4.0,5.0;WinNT:4.0,5.0
Platform          : MACINTOSH MS-DOS Win95 WINDOWS winnt