-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Teun Nijssen                                Index  :    S-00-03
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : Buffer overflow Miscrosoft MCIS mail server Date   :05-Jan-2000
===============================================================================

By courtesy of Microsoft Product Security we received information on a
vulnerability in the Microsoft Commercial  Internet System (MCIS) Mail server.

CERT-NL recommends to apply the patches mentioned below.
==============================================================================

Summary
=======
Microsoft has released a patch that eliminates a vulnerability in the
Microsoft(r) Commercial  Internet System (MCIS) Mail server. The
vulnerability could allow a malicious user to remotely  cause services on
the server to fail, or cause arbitrary code to run on the server.

Frequently asked questions regarding this vulnerability can be found at
http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp.

Issue
=====
The IMAP service included in MCIS Mail has an unchecked buffer. If a
malformed request containing random data were passed to the service, it
could cause the web publishing, IMAP, SMTP, LDAP and other services to
crash. If the malformed request contained specially crafted data, it could
also be used to run arbitrary code on the server via a classic buffer
overrun attack.

Affected Software Versions
==========================
 - Microsoft Commercial Internet System 2.0 and 2.5.

Patch Availability
==================
 - Intel:
   http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124

 - Alpha:
   http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17122

NOTE: Additional security patches are available at the Microsoft Download
Center

More Information
================
Please see the following references for more information related to this
issue.
 - Frequently Asked Questions: Microsoft Security Bulletin MS00-001,
   http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp.
 - Microsoft Knowledge Base (KB) article Q246731,
   MCIS: MCIS Mail Services unexpectedly stop,
   http://support.microsoft.com/support/kb/articles/q246/7/31.asp.
   (Note: It may take 24 hours from the original posting of this
   bulletin for the KB article to be visible.)
 - Microsoft Security Advisor web site,
   http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.

Acknowledgments
===============
Microsoft acknowledges Tristan Goode for bringing this issue to our
attention.

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6IBTSYjBqwfc9jEQJblACg3GX2xHujyhHkLj9Jj7ShDd/QGbkAoKS0
F7gV5kYAFvnkeko3th6FZyqp
=QL9X
-----END PGP SIGNATURE-----