Security Holes on Exchange


  • Security Holes on Exchange

    I have to run a PCI DSS scan quarterly in order to make my server secure for a merchant with credit cards.

    After my last scan I have two security holes:
    1) "Microsoft Exchange X-LINK2STATE Heap Overflow PoC".

    Security hole found on port/service "smtp (25/tcp)" Plugin "Microsoft Exchange X-LINK2STATE Heap Overflow PoC" Category "SMTP problems " Priority "Medium Priority"
    Description : Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
    Synopsis : Provides unauthorized access
    Allows partial confidentiality, integrity, and availability violation Allows unauthorized disclosure of information Allows disruption of service
    Risk factor : CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Solution : Apply latest patches from Microsoft.

    2) "Mail relaying (thorough test)"

    Description:
    Synopsis :

    An open SMTP relay is running on this port.

    Description :

    The remote SMTP server is insufficiently protected against relaying.
    This means that it allows spammers to use your mail server to send
    their mails to the world, thus wasting your network bandwidth.

    Solution :

    Reconfigure your SMTP server so that it cannot be used as a relay
    any more.


    My server is SBS 2003 Standard with Exchange server 2003 SP2.

    Any help would be great.

    Thanks.

  • #2
    Re: Security Holes on Exchange

    A simple Google search suggests that your first error might be related to an installation of other programs. Did you install something between this scan and the one before?

    Also, regarding the open relay, a Google search would help; you might want to check:
    http://www.amset.info/exchange/smtp-openrelay.asp



    • #3
      Re: Security Holes on Exchange

      The simple question has to be whether the server is fully patched? If not, then patch it.
      Exchange is not patched by Windows Update, you have to switch to Microsoft Update or use WSUS.

      As for the second point, if you are running the scan internally then it is quite possible for the server to throw an open relay error even when it is not.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.



      • #4
        Re: Security Holes on Exchange

        Originally posted by Sembee
        The simple question has to be whether the server is fully patched? If not, then patch it.
        Exchange is not patched by Windows Update, you have to switch to Microsoft Update or use WSUS.

        As for the second point, if you are running the scan internally then it is quite possible for the server to throw an open relay error even when it is not.

        Simon.
        1) I have recently patched it up, but using Windows Update and not Microsoft. How do I get Microsoft Update to run on SBS2003?

        2) The scan was done from a 3rd party (hackerguardian.com).



        • #5
          Re: Security Holes on Exchange

          Start Windows Update on the server. When the page has loaded, click the Microsoft Update button at the top. It will then load a new ActiveX control, which is Microsoft Update; it includes updates for all Microsoft products.

          If you are an open relay from the outside source then you need to close that quickly. Running the Configure Email and Connect to the Internet wizard will usually correct it, but in a few cases it can actually be a firewall issue.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.
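
A small relay check for the point raised in posts #3 and #5, as an added example that is not part of the original thread: it asks your own server whether it would accept mail from one outside domain to another and stops before any message is sent. The probe addresses, function names and exit codes are assumptions; run it from a host outside your network, since post #3 notes that an internal scan can report a relay that is not one.

```python
import smtplib
import sys

# Constructed probe addresses on RFC 2606 reserved domains (assumptions, not
# from the thread). Neither may be a domain the tested server handles mail for.
PROBE_SENDER = "relaycheck@example.org"
PROBE_RCPT = "relaycheck@example.net"


def classify(code):
    """Map the server's RCPT TO reply code to a verdict."""
    if 200 <= code < 300:
        return "ACCEPTED"      # agreed to take mail for a foreign domain
    if 400 <= code < 500:
        return "INCONCLUSIVE"  # temporary failure (e.g. throttling): retest
    return "DENIED"            # 5xx: relaying refused, the result you want


def check_relay(session, sender=PROBE_SENDER, rcpt=PROBE_RCPT):
    """Walk the SMTP envelope up to RCPT TO on a connected smtplib.SMTP session.

    DATA is never issued and the transaction is reset, so no message is queued.
    Returns (verdict, reply_code, reply_text).
    """
    session.ehlo_or_helo_if_needed()
    code, text = session.mail(sender)
    if code >= 400:
        # Sender refused before the server had to make a relay decision.
        session.rset()
        return ("INCONCLUSIVE", code, text.decode("ascii", "replace"))
    code, text = session.rcpt(rcpt)
    session.rset()
    return (classify(code), code, text.decode("ascii", "replace"))


def main(argv):
    # Usage: relaycheck.py <your-server> [port]
    host = argv[1]
    port = int(argv[2]) if len(argv) > 2 else 25
    with smtplib.SMTP(host, port, timeout=15) as session:
        verdict, code, text = check_relay(session)
    print(f"{host}:{port} RCPT TO <{PROBE_RCPT}> -> {code} {text} [{verdict}]")
    return 0 if verdict == "DENIED" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```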



          • #6
            Re: Security Holes on Exchange

            FYI,

            I ran all MS and Windows Updates but when I run the vulnerability scan, we're still getting the "Microsoft Exchange X-LINK2STATE Heap Overflow PoC" security hole.

            Any other recommendations?

            KSIB

