Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: RE: IIS SMTP component allows mail relaying via Null Session

RE: IIS SMTP component allows mail relaying via Null Session

From: Toni Lassila <toni.lassila_at_mc-europe.com>
Date: Mon, 4 Mar 2002 08:13:03 +0200

> -----Original Message-----
> From: Todd Sabin [mailto:tsabin_at_razor.bindview.com]
> Sent: Friday, March 01, 2002 17:31
> To: bugtraq_at_securityfocus.com
> Subject: IIS SMTP component allows mail relaying via Null Session
>
> Overview:
> IIS comes with a small SMTP component. The default settings allow
> anyone who can authenticate to it to relay email. Because the
> authentication system supports NTLM, it is possible for anyone to
> authenticate using null session credentials, and then relay email.
>
> Workarounds:
> Disable the SMTP service.
> Disable the ability of authenticated users to relay email.
> Firewall off the SMTP service from untrusted networks.

I suspect turning off NTLM authentication and allowing only Basic
Authentication (with or without TLS), or alternatively disabling
null session access (details are in many MS KB) from the server
are two possible workarounds as well. Disabling null sessions is
one of those security features one should do when securing a
Windows-based server anyway. 

-- 
Toni Lassila         t.lassila_at_mc-europe.com
Operations Engineer         +358 9 5655 1882

  • application/x-pkcs7-signature attachment: smime_p7s
Received on Mar 04 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]