The information in this article applies to:
SYMPTOMS
A malicious attacker could connect to the NNTP port of an Exchange Server
5.5 or 5.0 machine and disrupt the information store process by issuing
specific sequences of AUTHINFO commands.
CAUSEImproper checking of bounds conditions on certain AUTHINFO command sequences can result in a buffer overflow. STATUS
Microsoft has confirmed this to be a problem in Microsoft Exchange Server
version 5.0.
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Post-SP2-STORE/ Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5. This problem has been corrected in the latest U.S. service pack for Microsoft Exchange Server version 5.5. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K Additional query words: ims internet mail connector imc
Keywords : |
Last Reviewed: April 19, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |