SMTP Vulnerability in Windows 2000

A vulnerability exists in the default SMTP server that is installed with these four versions of Win2K. An attacker can use a vulnerability in the SMTP authentication process to successfully authenticate to the SMTP service using incorrect credentials.

Ken Pfeil

July 5, 2001


Reported July 06, 2001, by Microsoft.

VERSIONS AFFECTED

 

  • Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server

 

DESCRIPTION
A vulnerability exists in the default SMTP server that is installed with these four versions of Win2K. An attacker can use a vulnerability in the SMTP authentication process to successfully authenticate to the SMTP service using incorrect credentials. A potential attacker exploiting this vulnerability can gain user-level privileges on the SMTP service and use the service to perform SMTP mail relaying. This vulnerability affects only standalone machines, not DCs or Microsoft Exchange mail servers running Win2K.

 

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-037 for this vulnerability, and recommends that Win2K users immediately apply the patch mentioned in the bulletin. Patches for Win2K Datacenter are hardware specific, and are available only through the original equipment manufacturer. As usual, if a service is not needed, a user should disable the service.

 

CREDIT
Discovered by Joao Gouveia.
