
Policy:Win/SMTP.AUTH.PE!CAN-2002-0054

Severity rating
Low

Class/Type
Policy

Discovered date
2007-02-27T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

The vulnerability results from an authentication error affecting the SMTP service in Windows 2000, Windows NT Server 4.0, and the Exchange Server 5.5 Internet Mail Connector. These services should perform additional checking before granting mail privileges to a user who has authenticated to the server; however, they do not do so correctly.



Impact

The vulnerability would enable an attacker to levy mail requests as an authorized user. That is, it would enable the attacker to send mail. The most likely use of this vulnerability would be in performing mail relaying.



Technical details (analysis)

SMTP (Simple Mail Transfer Protocol) is an industry standard for delivery of mail via the Internet, defined in RFCs 2821 and 2822. The protocol defines the format of mail messages, the fields in them and their contents, and the handling procedures for mail. The vulnerability results from an authentication error affecting the SMTP service in Windows 2000, Windows NT Server 4.0, and the Exchange Server 5.5 Internet Mail Connector. These services should perform additional checking before granting mail privileges to a user who has authenticated to the server; however, they do not do so correctly.



Affected software

Microsoft Windows 2000
Microsoft Windows NT Server 4.0 Option Pack
Microsoft Exchange Server 5.5



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Policy:Win/SMTP.AUTH.PE!CAN-2002-0054
Release Date: 2007-02-27T00:00:00



Known false positives

The signature detects an attempt to escalate privileges on an SMTP server. Please ignore any triggers if you have already applied the patch.



Work-arounds

If the SMTP service has been disabled, the mail relaying vulnerability cannot be exploited.