RE: IIS SMTP component allows mail relaying via Null Session

From: Frank Knobbe (FKnobbe@KnobbeITS.com)
Date: 03/01/02


From: Frank Knobbe <FKnobbe@KnobbeITS.com>
To: 'Marc Fossi' <mfossi@securityfocus.com>, Focus-MS <focus-ms@securityfocus.com>
Date: Fri, 1 Mar 2002 14:51:13 -0600 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Marc Fossi [mailto:mfossi@securityfocus.com]
> Sent: Friday, March 01, 2002 1:02 PM
>
> [...]
> Workarounds:
> Disable the SMTP service.
> Disable the ability of authenticated users to relay email.
> Firewall off the SMTP service from untrusted networks.
>
> Recommendations:
> Disable the SMTP service, if not needed.
> Install the patch from Microsoft

If this issue only occurs with NTLM authentication, wouldn't it be
possible to use only clear-text for authentication? (over SSL
preferred) Can NULL sessions be created (or an equivalent bypass)
using clear-text (basic authentication)?

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPH/pwczYtOFvgXQfEQKrmwCgnKa/G/1YPjwj6CTAIVMek6QwdjoAoLBv
Yrr/+ZU9ieIPFTHidK6+xHjV
=SKpa
-----END PGP SIGNATURE-----



Relevant Pages

  • RE: Microsoft Security Bulletin MS02-011
    ... Does anyone have any details about the "Authentication Flaw" in question? ... Apparently the SMTP service gets back from the NTLM that a user was ... Subject: Microsoft Security Bulletin MS02-011 ... The vulnerability results because the affected ...
    (Focus-Microsoft)
  • Alert:Microsoft Security Bulletin - MS02-011
    ... Exchange 2000 servers are not affected by the vulnerability because they correctly handle the authentication process to the SMTP service. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • More Authorization Questions
    ... authentication, and yet still be able to receive emails ... server open for anonymous relay and have spammers use my ... I tried adding IP ranges to the Relay Restrictions list, ... It's as if the SMTP service ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Alert:Microsoft Security Bulletin - MS02-011
    ... Exchange 2000 servers are not affected by the vulnerability because they correctly handle the authentication process to the SMTP service. ... If the SMTP service has been disabled, the mail relaying vulnerability could not be exploited. ...
    (NT-Bugtraq)
  • Re: More Authorization Questions
    ... >authentication, and yet still be able to receive emails ... >server open for anonymous relay and have spammers use my ... It's as if the SMTP service ... What am I missing here? ...
    (microsoft.public.inetserver.iis.smtp_nntp)