|
CERT-NL | |||||
Author/Source | : | Teun Nijssen | Index | : | S-00-03 | |
Distribution | : | World | Page | : | 1 | |
Classification | : | External | Version | : | 1 | |
Subject | : | Buffer overflow Miscrosoft MCIS mail server | Date | : | 05-Jan-2000 |
By courtesy of Microsoft Product Security we received information on a vulnerability in the Microsoft Commercial Internet System (MCIS) Mail server.
CERT-NL recommends to apply the patches mentioned below.
Microsoft has released a patch that eliminates a vulnerability in the Microsoft(r) Commercial Internet System (MCIS) Mail server. The vulnerability could allow a malicious user to remotely cause services on the server to fail, or cause arbitrary code to run on the server.
Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp.
The IMAP service included in MCIS Mail has an unchecked buffer. If a malformed request containing random data were passed to the service, it could cause the web publishing, IMAP, SMTP, LDAP and other services to crash. If the malformed request contained specially crafted data, it could also be used to run arbitrary code on the server via a classic buffer overrun attack.
- Microsoft Commercial Internet System 2.0 and 2.5.
NOTE: Additional security patches are available at the Microsoft Download Center
Please see the following references for more information related to this issue.
- Frequently Asked Questions: Microsoft Security Bulletin MS00-001, http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp.
- Microsoft Knowledge Base (KB) article Q246731,
MCIS: MCIS Mail Services unexpectedly stop,
http://support.microsoft.com/support/kb/articles/q246/7/31.asp.
(Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.)- Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp.
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp.
Microsoft acknowledges Tristan Goode for bringing this issue to our attention.
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC
(GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: | cert-nl@surfnet.nl | ATTENDED REGULARLY ALL DAYS |
Phone: | +31 302 305 305 | BUSINESS HOURS ONLY |
Fax: | +31 302 305 329 | BUSINESS HOURS ONLY |
Snailmail: | SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands |
. |
NOODGEVALLEN: 06 22 92 35 64 ALTIJD
BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING
WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER.
CERT-NL WILL THEN CONTACT YOU.
|