Interesting Exchange 2000/2003 problem

From: Rene (rene_at_RJCONSULTING.CA)
Date: 03/17/04

  • Next message: NGSSoftware Insight Security Research: "Norton AntiSpam Remote Buffer Overrun (#NISR19042004a)" 
    Date:         Tue, 16 Mar 2004 21:21:03 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Environment

    Exchange 2000 or 2003 running in Native mode in a W2K AD.

    Problem

    Regular users with no rights to modify ad security groups have the ability
    to change a distribution list to a security group.

    Steps to recreate problem.

    1: User opens a mailbox with Outlook 2000 / XP / 2003
    2: Navigates to mailbox permissions
    3: Add distribution list from Gal access as contributor.
    4: Save changes

    Once the user adds the distribution list Exchange will convert the
    distribution list to a like security group

    for example if you have a All_Users universal distribution list Exchange
    will convert to a Universal Security group.
    This can cause some serious Kerberos issues if you are running close to the
    Kerberos key size limits.

    Has anyone come across this and if so have they found a solution to stopping
    this behavior?

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you''ll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: NGSSoftware Insight Security Research: "Norton AntiSpam Remote Buffer Overrun (#NISR19042004a)"