Null session and Exchange2K
From: Jet Chan (yenjet.chan@eglobal.com.my)Date: 06/20/02
- Previous message: Brett Bingaman: "RE: backing up IE config"
- Next in thread: Evans, TJ: "RE: Null session and Exchange2K"
- Reply: Evans, TJ: "RE: Null session and Exchange2K"
- Reply: Zack Berkovitz: "RE: Null session and Exchange2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jet Chan" <yenjet.chan@eglobal.com.my> To: <focus-ms@securityfocus.com> Date: Thu, 20 Jun 2002 18:38:42 +0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greeting,
I wonder how many people got this error.
In the kb below, MS said Exchange2K cannot have
restrictanonymous=0x2,
otherwise it will blocks users from browsing the Global Address List.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309622
So, is that means, an Exchange 2000 server cannot install SRP1 and
having restrictanonymous=0x2 ???
In this case, an Exchange 2000 server might vulnerable to Null
Session enumeration.
So is the only solution now is protect the server with firewall ?
regards,
.//Jet
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
Comment: jchan@trusecure.com
iQA/AwUBPRGwr6JYwK+Y2D1BEQLR1ACg4El5R9RqQKsCDqvn2e9TmAtKpQ8AnAya
i/OEG0Axt58wezNzn+NIx5n9
=BOuz
-----END PGP SIGNATURE-----
- Previous message: Brett Bingaman: "RE: backing up IE config"
- Next in thread: Evans, TJ: "RE: Null session and Exchange2K"
- Reply: Evans, TJ: "RE: Null session and Exchange2K"
- Reply: Zack Berkovitz: "RE: Null session and Exchange2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
