Microsoft Exchange Server 5.5 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service 05.05.55.2655

Microsoft Exchange Server 5.5 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service 05.05.55.2655 provides you an effective yet convenient to use SMTP service installs by default as part of Windows 2000 server products and as part of the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. (The IMC, also known as the Microsoft Exchange Internet Mail Service, provides access and message exchange to and from any system that uses SMTP). A vulnerability results in both services because of a flaw in the way they handle a valid response from the NTLM authentication layer of the underlying operating system.

By design, the Windows 2000 SMTP service and the Exchange Server 5.5 IMC, upon receiving notification from the NTLM authentication layer that a user has been authenticated, should perform additional checks before granting the user access to the service. The vulnerability results because the affected services don't perform this additional checking correctly. In some cases, this could result in the SMTP service granting access to a user solely on the basis of their ability to successfully authenticate to the server.

An attacker who exploited the vulnerability could gain only user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.

Requirements:

• PC―x64 architecture-based computer with Intel processor that supports Intel 64 architecture (formerly known as Intel EM64T) or AMD processor that supports the AMD64 platform
• Operating system―Microsoft Windows Server 2008 Standard x64 Edition or Enterprise x64 Edition
• Operating system for installing management tools―The 64-bit editions of Microsoft Windows Vista SP1 or later, or Windows Server 2008. Note: Requirements only for management tools installation.
• Memory―Minimum of 4 gigabytes (GB) of RAM per server plus 5 megabytes (MB) of RAM recommended for each mailbox
• Disk space
• • At least 1.2 GB on the drive used for installation
  • An additional 500 MB of available disk space for each Unified Messaging (UM) language pack that you plan to install
  • 200 MB of available disk space on the system drive
• Drive―DVD-ROM drive, local or network-accessible
• File format―Disk partitions formatted as NTFS file systems
• Monitor―Screen resolution 800x600 pixels or higher