S-00-03.htm
40b09d95cf0eb4c1451ad648d84c475962494c541e3228f35296a85e7def670c
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
<title>CERT-NL S-00-03</title>
</head>
<body link="#009966" vlink="#006041">
<div align="left">
<table border="0" width="100%" cellspacing="0">
<tr>
<td colspan="3" bgcolor="#009966" width="760"><blockquote>
<p><font face="Arial"><strong><big>Security Advisory</big></strong></font></p>
</blockquote>
</td>
<td colspan="2" align="right" bgcolor="#009966" width="103"><img src="../../hs-kader-logo.gif" alt="hs-kader-logo.gif (586 bytes)" WIDTH="100" HEIGHT="41"></td>
<td align="center" bgcolor="#009966" colspan="2" width="95"><strong><font face="Arial">CERT-NL</font></strong></td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Author/Source</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="100%">Teun Nijssen</td>
<td width="96" bgcolor="#99CC99">Index</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">S-00-03</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Distribution</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="627">World</td>
<td width="96" bgcolor="#99CC99">Page</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">1</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Classification</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="627">External</td>
<td width="96" bgcolor="#99CC99">Version</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">1</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99" valign="top">Subject</td>
<td width="6" bgcolor="#99CC99" valign="top">:</td>
<td width="627" bgcolor="#d4d4d4"><strong><big>Buffer overflow Miscrosoft MCIS mail server</big></strong></td>
<td width="96" bgcolor="#99CC99" valign="top">Date</td>
<td colspan="2" width="6" bgcolor="#99CC99" valign="top">:</td>
<td align="right" width="90" bgcolor="#D4D4D4" valign="top">05-Jan-2000</td>
</tr>
</table>
</div>
<p>By courtesy of Microsoft Product Security we received information on a vulnerability in
the Microsoft Commercial Internet System (MCIS) Mail server.</p>
<p>CERT-NL recommends to apply the patches mentioned below.</p>
<hr>
<h3>Summary</h3>
<blockquote>
<p>Microsoft has released a patch that eliminates a vulnerability in the Microsoft(r)
Commercial Internet System (MCIS) Mail server. The vulnerability could allow a malicious
user to remotely cause services on the server to fail, or cause arbitrary code to run on
the server.</p>
</blockquote>
<blockquote>
<p>Frequently asked questions regarding this vulnerability can be found at <a href="http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp">http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp</a>.</p>
</blockquote>
<h3>Issue</h3>
<blockquote>
<p>The IMAP service included in MCIS Mail has an unchecked buffer. If a malformed request
containing random data were passed to the service, it could cause the web publishing,
IMAP, SMTP, LDAP and other services to crash. If the malformed request contained specially
crafted data, it could also be used to run arbitrary code on the server via a classic
buffer overrun attack.</p>
</blockquote>
<h3>Affected Software Versions</h3>
<blockquote>
<p>- Microsoft Commercial Internet System 2.0 and 2.5.</p>
</blockquote>
<h3>Patch Availability</h3>
<blockquote>
<ul>
<li>Intel:<br>
<a href="http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124">http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124</a></li>
<li>Alpha:<br>
<a href="http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17122">http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17122</a></li>
</ul>
</blockquote>
<blockquote>
<p>NOTE: Additional security patches are available at the Microsoft Download Center</p>
</blockquote>
<h3>More Information</h3>
<blockquote>
<p>Please see the following references for more information related to this issue.</p>
</blockquote>
<blockquote>
<ul>
<li>Frequently Asked Questions: Microsoft Security Bulletin MS00-001, <a href="http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp">http://www.microsoft.com/security/bulletins/00/MS00-001faq.asp</a>.</li>
<li>Microsoft Knowledge Base (KB) article Q246731,<br>
MCIS: MCIS Mail Services unexpectedly stop,<br>
<a href="http://support.microsoft.com/support/kb/articles/q246/7/31.asp">http://support.microsoft.com/support/kb/articles/q246/7/31.asp</a>.<br>
(Note: It may take 24 hours from the original posting of this bulletin for the KB article
to be visible.)</li>
<li>Microsoft Security Advisor web site,<br>
<a href="http://www.microsoft.com/security/default.asp">http://www.microsoft.com/security/default.asp</a>.</li>
</ul>
</blockquote>
<h3>Obtaining Support on this Issue</h3>
<blockquote>
<p>This is a fully supported patch. Information on contacting Microsoft Technical Support
is available at <a href="http://support.microsoft.com/support/contact/default.asp">http://support.microsoft.com/support/contact/default.asp</a>.</p>
</blockquote>
<h3>Acknowledgments</h3>
<blockquote>
<p>Microsoft acknowledges Tristan Goode for bringing this issue to our attention.</p>
</blockquote>
<hr>
<p><font color="#006041"><strong>CERT-NL</strong> </font>is the Computer Emergency
Response Team for SURFnet customers. SURFnet is the Dutch network for educational,
research and related institutes. <strong><font color="#006041">CERT-NL</font></strong> is
a member of the Forum of Incident Response and Security Teams (<a href="http://www.first.org">FIRST</a>).</p>
<p>All <strong><font color="#006041">CERT-NL</font></strong> material is available under:<br>
<a href="http://cert.surfnet.nl/">http://cert.surfnet.nl/</a></p>
<p>In case of computer or network security problems please contact your local
CERT/security-team or<font color="#006041"> <strong>CERT-NL</strong></font> (if your
institute is NOT a SURFnet customer please address the appropriate (local)
CERT/security-team).</p>
<p><strong><font color="#006041">CERT-NL</font></strong> is one/two hour(s) ahead of UTC
(GMT) in winter/summer,<br>
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).</p>
<div align="left">
<table border="0" width="80%" bgcolor="#DCDCDC" cellspacing="0" height="192">
<tr>
<td valign="top" height="24">Email:</td>
<td height="24"><a href="mailto:cert-nl@surfnet.nl">cert-nl@surfnet.nl</a></td>
<td height="24">ATTENDED REGULARLY ALL DAYS</td>
</tr>
<tr>
<td valign="top" height="24">Phone:</td>
<td height="24">+31 302 305 305</td>
<td height="24">BUSINESS HOURS ONLY</td>
</tr>
<tr>
<td valign="top" height="24">Fax: </td>
<td height="24">+31 302 305 329 </td>
<td height="24">BUSINESS HOURS ONLY</td>
</tr>
<tr>
<td valign="top" height="112">Snailmail:</td>
<td height="112">SURFnet bv<br>
Attn. CERT-NL<br>
P.O. Box 19035<br>
NL - 3501 DA UTRECHT<br>
The Netherlands</td>
<td height="112">.</td>
</tr>
</table>
</div>
<p>NOODGEVALLEN: 06 22 92 35 64 ALTIJD
BEREIKBAAR<br>
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES<br>
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:<br>
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING
WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER.
CERT-NL WILL THEN CONTACT YOU.</p>
<hr>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr align="left" valign="top">
<td><img src="../../hs-c-1999.gif" alt="copyright
SURFnet 1999" WIDTH="100" HEIGHT="19"><a href="mailto:redactie@SURFnet.nl"><br>
<img src="../../hs-email-red.gif" border="0" alt="email
naar redactie@SURFnet.nl" WIDTH="100" HEIGHT="26"></a></td>
<td width="100%" bgcolor="#C0C0C0"><table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr align="left" valign="top">
<td><img src="../../n-route.gif" border="0" alt="<-" WIDTH="19" HEIGHT="20"></td>
<td width="100%" valign="middle"><font face="Geneva, Arial" size="1"><a href="http://www.surfnet.nl/home.html" target="_top">Homepage</a> | <a href="http://www.surfnet.nl/diensten/">Diensten </a>| <a href="http://www.surfnet.nl/diensten/beveiliging/">Beveiliging</a> | <a href="http://www.surfnet.nl/diensten/beveiliging/cert" target="_top">CERT-NL home</a>|:</font></td>
</tr>
<tr align="left" valign="top">
<td colspan="2"><img src="/images/n-verlooplijn.gif" width="142" height="5" border="0" alt="-------------------"></td>
</tr>
<tr align="left" valign="top">
<td><a href="#top"><img src="../../n-top.gif" border="0" alt="<-" WIDTH="19" HEIGHT="20"></a></td>
<td width="100%" valign="middle"><font face="Geneva,
Arial" size="1"><a href="#top">Naar
begin van deze pagina</a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>