Re: New Microsoft Exchange Server Vulnerability
From: Thor (thor_at_hammerofgod.com)
Date: 11/15/03
- Previous message: nmindell_at_microsoft.com: "Webcast: Microsoft Security VP talks about what Microsoft is doing about security"
- In reply to: Paul Kurczaba: "New Microsoft Exchange Server Vulnerability"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: New Microsoft Exchange Server Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Paul Kurczaba" <paul@myipis.com>, "'Tom Burns'" <tburns@torcausa.com>, <focus-ms@securityfocus.com>, <security-basics@securityfocus.com>
Date: Sat, 15 Nov 2003 10:15:23 -0800
Some gems to point out in this "vulnerability."
It requires the guest account be turned on, and that the smtp virtual server
is directly accessible for auth. I love this quote from the guy who
"discovered" this:
"If the guest account is enabled (on Exchange 5.5 and 2000), even if your
login fails, you can send mail, because the guest account is there as a
catchall," he said. "Even if you think you've done everything (to secure the
server), you are still open to spammers."
Done everything except disable the guest account, he means. I like the way
they nicely dance over "The guest account is a way for administrators to let
visitors use a mail server anonymously, but because of security issues, the
feature is generally not enabled." I also like how they call "cleaning
Code Red" leaving the guest account active (and presumably still part of the
admin group). Duh.
But my favorite is: ' "It is really inexcusable for a company that claims
security is its top priority," he said.'
No, it is inexcusable for a college kid to charge someone to misconfigure
their servers, and leave the guest account on (and let's not go into how
they got Code Red in the first place) and go on about it as if it was
someone else's fault.
T
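Thor's point above is that an enabled guest account turns a failed login into an authenticated relay, which an anonymous-relay probe such as the ORDB test in Tom's mail never exercises. As an added example, not code from the thread, here is a small Python scanner that reads a constructed, simplified W3C-style SMTP protocol log and flags RCPT commands accepted in sessions authenticated as the guest account for non-local recipients; the log layout, the account name TORCA\Guest and torcausa.com as the only local domain are assumptions.

```python
import re

# Constructed sample log (an assumed, simplified W3C-style layout):
# date time client-ip authenticated-user verb argument status
SAMPLE_LOG = """\
2003-11-11 08:55:02 219.0.0.10 - EHLO relay.example.net 250
2003-11-11 08:55:03 219.0.0.10 - AUTH LOGIN 334
2003-11-11 08:55:04 219.0.0.10 TORCA\\Guest AUTH - 235
2003-11-11 08:55:05 219.0.0.10 TORCA\\Guest MAIL FROM:<bulk@spam.example.net> 250
2003-11-11 08:55:06 219.0.0.10 TORCA\\Guest RCPT TO:<victim@other.example.org> 250
2003-11-11 09:01:11 10.0.0.5 - MAIL FROM:<partner@vendor.example.com> 250
2003-11-11 09:01:12 10.0.0.5 - RCPT TO:<sales@torcausa.com> 250
2003-11-11 09:02:40 218.0.0.7 - MAIL FROM:<x@spam.example.net> 250
2003-11-11 09:02:41 218.0.0.7 - RCPT TO:<someone@other.example.org> 550
"""

LOCAL_DOMAINS = {"torcausa.com"}      # assumed: the domains this server hosts
GUEST_ACCOUNTS = {"guest"}            # matched case-insensitively, DOMAIN\ stripped

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)(?: (\S+))? (\d{3})$")
ADDR_RE = re.compile(r"<([^>]+)>")


def is_external(addr):
    """True when the recipient's domain is not one this server hosts."""
    return addr.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS


def find_guest_relays(log_text):
    """Return [(client_ip, user, recipient)] for every RCPT TO accepted (250)
    inside a session authenticated as a guest account to an external address.
    Unauthenticated sessions (user '-') and local deliveries are not flagged,
    which is exactly why an anonymous open-relay test stays green."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _, _, ip, user, verb, arg, status = m.groups()
        if verb != "RCPT" or status != "250" or user == "-":
            continue
        bare_user = user.split("\\")[-1].lower()
        addr = ADDR_RE.search(arg or "")
        if bare_user in GUEST_ACCOUNTS and addr and is_external(addr.group(1)):
            hits.append((ip, user, addr.group(1)))
    return hits


if __name__ == "__main__":
    for ip, user, rcpt in find_guest_relays(SAMPLE_LOG):
        print(f"guest-account relay: {ip} as {user} -> {rcpt}")
```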
----- Original Message -----
From: "Paul Kurczaba" <paul@myipis.com>
To: "'Tom Burns'" <tburns@torcausa.com>; <focus-ms@securityfocus.com>;
<security-basics@securityfocus.com>
Sent: Friday, November 14, 2003 7:32 PM
Subject: New Microsoft Exchange Server Vulnerability
Here is a link that I ran across. There is a new flaw that allows spammers
to send emails through Microsoft Exchange.
http://zdnet.com.com/2100-1105_2-5107904.html?tag=zdfd.newsfeed
-Paul Kurczaba
-----Original Message-----
From: Tom Burns [mailto:tburns@torcausa.com]
Sent: Tuesday, November 11, 2003 9:00 AM
To: focus-ms@securityfocus.com
Subject: Exchange SMTP Hole?
Good morning all,
I have an exchange server that's been running for quite some time (over a
year) and had it locked down to prevent relay (spam). It is patched all the
way up to 3a.
I checked my queues yesterday and got slammed by spam relaying.
Is there a security hole that MS does not know about yet in SMTP?????
The only way I resolved this was to block connection from 219.x.x.x,
218.x.x.x, 211.x.x.x, etc.
This server has been tested against ORDB.ORG and shown to NOT be an open
relay.
If anyone has any suggestions, please let me know.
Thomas A. Burns
System Administrator
Torca Products Inc.
Auburn Hills, MI 48326
248-373-8300 x186
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security at
the largest, most highly-anticipated industry event of the year. Don't miss
RSA Conference 2004! Choose from over 200 class sessions and see demos from
more than 250 industry vendors. If your job touches security, you need to be
here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------