Bugtraq mailing list archives

Possible problems with patch MS02_025 for Exchange 2000
From: Ken Brown <k.brown () ccs bbk ac uk>
Date: Thu, 06 Jun 2002 15:18:29 +0100

A Windows 2000/Exchange 2000 server is set to send all mail that it
can't resolve from its own address books to a "smart hub".

This worked fine till
http://www.microsoft.com/technet/security/bulletin/MS02-025.asp was
installed, then failed.

Mail sent outside our organisation still goes, but mail sent to
addresses in our local domain is rejected. They should be sent to the
hub, because there are other mail users in the domain who do not use
Exchange. It worked until MS02_025 was installed, then failed, then
started working again when the patch was backed out.

A non-deliverable report (NDR) was returned to the originator with code

According to
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q284204 5.1.1
can mean either "The e-mail account does not exist at the organization
this message was sent to" *or* "Also, if you configured your SMTP
contact with invalid SMTP RFC821 chars, the categorizer will reject the
delivery with this diagnostic code." It seems that the categorizer is
rejecting messages.

MS02-025 says "The patch eliminates the vulnerability by ensuring that
the Exchange 2000 Store immediately rejects messages with malformed

On the face of it, it seems that Exchange 2000 may now be rejecting valid
messages originating from users at that Exchange server.

It does not say which malformed attributes are being rejected, nor what
message is sent back to the originator of the message, nor what, if any,
notification is made to the administrators of the server. (If it is in
fact the case that the originator gets an NDR but there is no explicit
notification to the admins then that itself is a security flaw if the
message is correctly rejected because it tells the attacker what level
of security is in place but does not alert the defenders)

Ken Brown
Birkbeck College
London University
