XADM: AUTHINFO Command Causes Information Store Problems (188369)
The information in this article applies to:
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5
This article was previously published under Q188369 SYMPTOMS
A malicious attacker could connect to the NNTP port of an Exchange Server
5.5 or 5.0 machine and disrupt the information store process by issuing
specific sequences of AUTHINFO commands.
When this occurs, an application error similar to one of the following
may occur:
In addition, the Exchange Server information store may stop unexpectedly,
causing the Internet Mail Service and other Exchange Server information
services to no longer function properly.
CAUSE
Improper checking of bounds conditions on certain AUTHINFO command
sequences can result in a buffer overflow.
STATUS
Microsoft has confirmed this to be a problem in Microsoft Exchange Server
version 5.0.
A supported fix is now available, but has not been fully regression-tested
and should be applied only to systems experiencing this specific problem.
Unless you are severely impacted by this specific problem, Microsoft
recommends that you wait for the next service pack that contains this fix.
Contact Microsoft Technical Support for more information.
This fix has been posted to the following Internet location:
Microsoft has confirmed this to be a problem in Microsoft Exchange Server
version 5.5. This problem has been corrected in the latest U.S. service
pack for Microsoft Exchange Server version 5.5. For information on
obtaining the service pack, query on the following word in the Microsoft
Knowledge Base (without the spaces):
| Modification Type: | Minor | Last Reviewed: | 9/23/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix kbQFE KB188369 |
|---|
|