Exchange Malformed MIME Header Handling DoS

Medium severity, Nessus Plugin ID 10558

Synopsis

The remote SMTP server has a denial of service vulnerability.

Description

The remote Exchange server appears to be affected by a flaw in which malformed MIME headers can crash it.

*** Nessus did not actually test for this flaw - it relied only
*** on the banner to identify it. Therefore, this warning may be
*** a false positive - especially since the banner DOES NOT CHANGE
*** if the patch has been applied.

Solution

Microsoft has released a set of patches for Exchange 5.0 and 5.5.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-082

Plugin Details

Severity: Medium

ID: 10558

File Name: exchange_dos.nasl

Version: 1.29

Type: remote

Published: 11/27/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/31/2000

Reference Information

CVE: CVE-2000-1006

BID: 1869

MSFT: MS00-082

MSKB: 275714, 834130