|
|
Microsoft SMTP服务处理畸形FILETIME邮件选项拒绝拒绝服务攻击漏洞
发布时间:2003-07-02
更新时间:2003-07-15
严重程度:高
威胁程度:远程拒绝服务
错误类型:意外情况处置错误
利用方式:服务器模式
BUGTRAQ ID:8195
受影响系统Microsoft Exchange Server 2000 SP2
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
Microsoft Exchange Server 2000 SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
Microsoft Exchange Server 2000
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2 未影响系统Microsoft Windows 2000 Server SP4 详细描述
Microsoft SMTP服务在处理邮件时存在问题,当服务器程序处理邮件中畸形的FILETIME选项时会导致服务器程序停止响应,服务器进程是否会被自动重启或需要手工启动未知。此漏洞影响打了SP2和SP3的Windows 2000 Server或Microsoft Exchange 2000 Server。
解决方案
厂商已经在最新的补下包中修补了此安全漏洞:
Microsoft Upgrade Windows 2000 SP4
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp
相关信息
Corrupted Inbound Message Causes the SMTP Service to Stop or to Shut Down Unexpectedly
http://support.microsoft.com/default.aspx?kbid=330716
|
