OSVDB ID: 15467

Title: Microsoft Exchange Server SMTP Extended Verb X-LINK2STATE Remote Overflow

Info

Disclosure

Apr 12, 2005

Discovery

Unknown

Dates

Exploit

Apr 19, 2005

Solution

Unknown

Description

A remote overflow exists in Microsoft Exchange Server. The 'SvrAppendReceivedChunk()' function in the 'xlsasink.dll' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted 'X-LINK2STATE' extended verb request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Exchange Server	2003
		2000

References

Security Tracker: 1013687
Bugtraq ID: 13118
SCIP VulDB ID: 1351
Secunia Advisory ID: 14920
CVE ID: 2005-0560 (see also: NVD)
CERT VU: 275193
Microsoft Knowledge Base Article: 894549
Milw0rm: 947
Exploit Database: 947
Mail List Post: http://archives.neohapsis.com/archives/vuln-dev/2005-q2/0012.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/exchange_x_link2state_bo
Other Advisory URL: http://www.auscert.org.au/render.html?it=4992
http://xforce.iss.net/xforce/alerts/id/193
Vendor URL: http://www.microsoft.com/
Microsoft Security Bulletin: MS05-021

Credit

Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs
Ben Layer - ISS X-Force

Direct URL: http://osvdb.org/15467

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Exchange Server

References

Credit