COMMAND

    MS Exchange

SYSTEMS AFFECTED

    Win NT  4.0 (tested  on Microsoft  Exchange Internet  Mail Service
    5.0.1457.7) with MS Exchange 4.0 and 5.0 (no SP1)

PROBLEM

    The following information is based on a rootshell.com exclusive
    report.  It may be possible to execute arbitrary code remotely on
    a machine running Exchange.  Microsoft Exchange appears to have a
    buffer overflow in versions prior to 5.5.  The bug may be
    exploited with a long string in both the HELO/EHLO and MAIL FROM:
    phases.  To exploit this bug, simply telnet to port 25 of an
    Exchange server and enter the following:

        HELO aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

        [ continue with about two pages of a's and then hit enter ]

    Example #2:

        HELO blah
        MAIL FROM: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

        [ continue with about two pages of a's and then hit enter ]

    The Exchange server will crash.  In some cases, this attack could
    also allow the execution of arbitrary code from the stack.
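
    A defensive check for the oversized commands described above, added
    here as an example (it is not from the rootshell.com report or from
    Microsoft): it flags client lines that exceed the size limits in
    RFC 5321 section 4.5.3.1.  The function names, finding labels and
    the 4000-byte sample arguments are assumptions for illustration.

```python
import re

# Size limits from RFC 5321 section 4.5.3.1, in octets.
MAX_COMMAND_LINE = 512  # whole command line, CRLF included
MAX_DOMAIN = 255        # HELO/EHLO argument
MAX_PATH = 256          # MAIL FROM reverse-path

_CMD = re.compile(rb"^(HELO|EHLO|MAIL FROM:)[ \t]*(.*)$", re.IGNORECASE | re.DOTALL)


def check_command(line: bytes) -> list:
    """Return the limit violations found in one client command line."""
    findings = []
    if len(line) > MAX_COMMAND_LINE:
        findings.append("command-line>512")
    match = _CMD.match(line.rstrip(b"\r\n"))
    if match:
        verb = match.group(1).upper()
        arg = match.group(2).strip()
        if verb in (b"HELO", b"EHLO") and len(arg) > MAX_DOMAIN:
            findings.append("domain>255")
        elif verb == b"MAIL FROM:":
            path = arg.split(b" ", 1)[0]  # ignore ESMTP parameters such as SIZE=
            if len(path) > MAX_PATH:
                findings.append("path>256")
    return findings


def scan_session(lines) -> list:
    """Return (1-based line number, findings) for every offending line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = check_command(line)
        if findings:
            hits.append((number, findings))
    return hits


# Constructed client-side session lines (not captured traffic).
SAMPLE_SESSION = [
    b"HELO blah\r\n",
    b"MAIL FROM: " + b"a" * 4000 + b"\r\n",
    b"EHLO " + b"a" * 4000 + b"\r\n",
    b"MAIL FROM:<user@example.com> SIZE=1000\r\n",
]

if __name__ == "__main__":
    for number, findings in scan_session(SAMPLE_SESSION):
        print(f"line {number}: {', '.join(findings)}")
```

    The same limits can be enforced at an SMTP gateway in front of an
    unpatched server, so that oversized commands are rejected before
    they reach it.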

SOLUTION

    This was fixed in a service pack (SP1) for Exchange 5.0.  This
    issue does not affect Exchange Server 5.5.