Version: 2008
advertisement
Click Here

Microsoft Exchange Server 5.5 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service 05.05.55.2655

  • Quick specs
  • Price: Update
  • Operating system: Windows 98/2000/XP
  • Date added: February 27, 2002
  • Total Downloads: 17
  • Downloads last week: 1
  • See full specifications
Add to my list Add to my Watch List
Download Now (1.05MB)
Tested spyware free

Publisher's description

From Microsoft :

An SMTP service installs by default as part of Windows 2000 server products and as part of the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. (The IMC, also known as the Microsoft Exchange Internet Mail Service, provides access and message exchange to and from any system that uses SMTP). A vulnerability results in both services because of a flaw in the way they handle a valid response from the NTLM authentication layer of the underlying operating system.

By design, the Windows 2000 SMTP service and the Exchange Server 5.5 IMC, upon receiving notification from the NTLM authentication layer that a user has been authenticated, should perform additional checks before granting the user access to the service. The vulnerability results because the affected services don't perform this additional checking correctly. In some cases, this could result in the SMTP service granting access to a user solely on the basis of their ability to successfully authenticate to the server.

An attacker who exploited the vulnerability could gain only user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.

Microsoft My Phone
Connect your phone to the Web to back up the phone, share photos, or access contacts or text messages
Download Now

More popular Operating Systems & Updates downloads

  1. 21,233 downloads 1. CNET TechTracker app
  2. 20,694 downloads 2. DriverMax
  3. 7,211 downloads 3. Windows 7 USB/DVD Download Tool
  4. 7,090 downloads 4. Microsoft Windows XP Home Edition
  5. 6,580 downloads 5. Windows XP Media Center Edition
  6. See all Operating Systems & Updates downloads
Driver Agent
Update your PC's drivers for better performance and stability.
Download Now

User reviews

Write your own review Be the first one to review Microsoft Exchange Server 5.5 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service 05.05.55.2655 and share your experience with the CNET community!

Submit your review

Log in or create an account to submit your review for:

Microsoft Exchange Server 5.5 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service 05.05.55.2655

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft Corp.,
Microsoft Exchange Server,
Microsoft Windows 2000,
SMTP,
vulnerability

advertisement
Click Here
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET API
About CNET