Re: New Microsoft Exchange Server Vulnerability
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 11/15/03
- Previous message: Mason, Samuel: "MS03-049 Scanner?"
- In reply to: Paul Kurczaba: "New Microsoft Exchange Server Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 15 Nov 2003 13:24:24 -0800 To: Paul Kurczaba <paul@myipis.com>
Hardly a new flaw. And a server that's been compromised with Nimda
should be flattened and rebuilt for this very reason. It's no longer a
trusted system.
Paul Kurczaba wrote:
>Here is a link that I ran across. There is a new flaw that allows spammers
>to send emails through Microsoft Exchange.
>
>http://zdnet.com.com/2100-1105_2-5107904.html?tag=zdfd.newsfeed
>
>-Paul Kurczaba
>
>-----Original Message-----
>From: Tom Burns [mailto:tburns@torcausa.com]
>Sent: Tuesday, November 11, 2003 9:00 AM
>To: focus-ms@securityfocus.com
>Subject: Exchange SMTP Hole?
>
>
>Good morning all,
>
>I have an exchange server that's been running for quite some time (over a
>year) and had it locked down to prevent relay (spam). It is patched all the
>way up to 3a.
>
>I checked my queues yesterday and got slammed by spam relaying.
>
>Is there a security hole that MS does not know about yet in SMTP?????
>
>The only way I resolved this was to block connection from 219.x.x.x,
>218.x.x.x, 211.x.x.x, etc.
>
>This server has been testing aginst ORDB.ORG and shown to NOT be an open
>relay.
>
>If anyone has any suggestions, please let me know.
>
>
>Thomas A. Burns
>System Administrator
>Torca Products Inc.
>Auburn Hills, MI 48326
>248-373-8300 x186
>
>---------------------------------------------------------------------------
>Network with over 10,000 of the brightest minds in information security at
>the largest, most highly-anticipated industry event of the year. Don't miss
>RSA Conference 2004! Choose from over 200 class sessions and see demos from
>more than 250 industry vendors. If your job touches security, you need to be
>here. Learn more or register at
>http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
>and use priority code SF4.
>---------------------------------------------------------------------------
>
>
>
>
>---------------------------------------------------------------------------
>Network with over 10,000 of the brightest minds in information security
>at the largest, most highly-anticipated industry event of the year.
>Don't miss RSA Conference 2004! Choose from over 200 class sessions and
>see demos from more than 250 industry vendors. If your job touches
>security, you need to be here. Learn more or register at
>http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
>and use priority code SF4.
>---------------------------------------------------------------------------
>
>
>
-- http://www.sbslinks.com/really.htm --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ms_031027 and use priority code SF4. ---------------------------------------------------------------------------
- Previous message: Mason, Samuel: "MS03-049 Scanner?"
- In reply to: Paul Kurczaba: "New Microsoft Exchange Server Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
