My take on the Newly discovered Exchange Flaw

["Lan Guy" <rlanguy () hotmail com>]

Hi

If someone posted this on the list, I missed it.

Mail server flaw opens Exchange to spam
http://news.com.com/2100-7355_3-5107904.html?tag=nefd_top

Following the article through gets you some company Think Computer who claim
they have found a flaw.
They even wrote a 7 page white paper on the Flaw!
http://www.thinkcomputer.com/corporate/news/spamserver.pdf

I don't know that much about default accounts on Windows NT and Exchange
5.5, but I do know a bit about Windows 2000 AD, and Exchange 2000.

What the author claims is if the guest account on the Server is active then
the account can be used to send email.
Now I am not disputing the logic there. If a guest account is active and it
has been given an Exchange mailbox (GOK) then the account can be used to
send email.

Before continuing here is some important information to consider:
1. When a Server is built as a Domain Controller, the Local Accounts are
deleted and only AD (Active Directory) Accounts can access the server.
The Guest account is automatically disabled.

2. When a Server is built as a Domain Member, the Local Accounts remain.
Those accounts and AD (Active Directory) Accounts can access the server.
When a server is joins the Domain The Local Guest Account is disabled by
default.

3. When Exchange 2000 is installed it does not create mailboxes by default.
The mailboxes have to be created.


Thus for this flaw to work on a Server with Exchange 2000, An Administrator
would have had to have activated the Guest account.

I have never seen such a stupid claim as needing the Guest Account active to
send mail from.

Lan Guy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html