-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title: Malformed Mail Attribute can Cause Exchange 2000 to
Exhaust CPU Resources (Q320436)
Date: 29 May 2002
Software: Microsoft Exchange
Impact: Denial of Service
Max Risk: Critical
Bulletin: MS02-025
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.
- ----------------------------------------------------------------------
Issue:
======
To support the exchange of mail with heterogeneous systems,
Exchange messages use the attributes of SMTP mail messages that
are specified by RFC's 821 and 822. There is a flaw in the way
Exchange 2000 handles certain malformed RFC message attributes
on received mail. Upon receiving a message containing such
a malformation, the flaw causes the Store service to consume
100% of the available CPU in processing the message.
A security vulnerability results because it is possible for an
attacker to seek to exploit this flaw and mount a denial of
service attack. An attacker could attempt to levy an attack
by connecting directly to the Exchange server and passing a
raw, hand-crafted mail message with a specially malformed
attribute. When the message was received and processed by the
Store service, the CPU would spike to 100%. The effects of the
attack would last as long as it took for the Exchange Store
service to process the message. Neither restarting the service
nor rebooting the server would remedy the denial of service.
Mitigating Factors:
====================
- The effect of an attack via this vulnerability would be
temporary. Once the server completed processing the
message, normal operations would resume. However, it
is not possible to halt the processing of the message
once begun, even with a reboot.
- The vulnerability does not provide any capability to
compromise data on the server or gain administrative
control over it.
- Mounting a successful attack requires the ability to pass a
hand-crafted message to the target system, most likely through
a simulated server-based connection. It is not possible to
craft a malformed message using an email client such as
Outlook or Outlook Express.
Risk Rating:
============
- Internet systems: Critical
- Intranet systems: Critical
- Client systems: None
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Mr. Allendoerfer (allendoerfer@uni-mainz.de);
Mr. Koenig (koenig@uni-mainz.de);
Mr. Kraemer (kraemer@uni-mainz.de);
Mr. Schaal (schaal@uni-mainz.de);
Mr. Tacke (tacke@uni-mainz.de) of the Computing Center,
Johannes Gutenberg University Mainz, Germany
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPPUZCI0ZSRQxA/UrAQHOdwgArEHNVboO1OjPt3cRNzxY1P3sgD8ajB0F
mxmy4xbSCcwfMKPdUztFsup8LmzHEYxlYHjo1lS8RiptQEqONHZuhehUlbu8B82u
3ZU0aaQxnORLH9mpBTftTrJIebEog4bPDL+A9DxhSBRnsJvgHBKPYUqyx+6fky0J
h+acANXiCXHvwfcvnOyp3eMCM5kkqGraZ1A6STtJUUItUhTRkHN7VveMu/a4BuT2
vyVLsbHWRlfuBgb4ocjkRN8XUd4bZXXIomSEVn6yyOsJCTVamn4ALGWTI71sQ5EI
0QEPnxhrypkM/ujYxIpo5TGdhmiKyooU9zSrHsEGDUeYC/bLzcah/Q==
=g7N5
-----END PGP SIGNATURE-----