[ www.rootshell.com exclusive - 1/15/98 ]

01. Microsoft Exchange Server v5.0 Buffer Overflow
--------------------------------------------------

IT MAY BE POSSIBLE TO EXECUTE ARBITRARY CODE FROM REMOTE ON A MACHINE
RUNNING EXCHANGE.

Versions tested and found vulnerable :
  Microsoft Exchange Internet Mail Service 5.0.1457.7

Version NOT affected :
  Microsoft Exchange Internet Mail Service 5.5.1664.3

Microsoft Exchange appears to have a buffer overflow in versions prior to
5.5. The bug may be exploited with a long string in both the HELO/EHLO and
the MAIL FROM: phase.

To exploit this bug simply telnet to port 25 of an Exchange server and enter
the following :

HELO aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[ continue with about two pages of a's and then hit enter ]

Example #2 :

HELO blah
MAIL FROM: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[ continue with about two pages of a's and then hit enter ]

The Exchange server will crash. It has not been verified if code can be put
on the stack and executed under Windows NT. Someone more familiar with
Windows will have to investigate. I will not even bother providing an
example exploit.
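The trigger described above is an SMTP argument far longer than the protocol allows. As an added example, not part of the rootshell post and not Microsoft code, the Python below applies the RFC 5321 section 4.5.3.1 size limits (512-octet command line including CRLF, 255-octet HELO/EHLO domain, 256-octet MAIL FROM path) to an SMTP transcript. This is the kind of bound a relay or proxy placed in front of an unpatched server would enforce before forwarding a command, and the same check can be run over captured session logs to spot attempts. The function names and the sample transcript are my own constructions.

```python
import re

# RFC 5321 section 4.5.3.1 limits, in octets. A conforming client never
# exceeds these, so an oversized argument is a reason to reject the command
# before it reaches any fixed-size buffer in the server behind us.
MAX_COMMAND_LINE = 512   # whole command line including trailing CRLF
MAX_DOMAIN = 255         # argument of HELO / EHLO
MAX_PATH = 256           # argument of MAIL FROM: / RCPT TO:, including < >

_HELO = re.compile(r"^(HELO|EHLO)\s+(.*)$", re.IGNORECASE)
_MAIL_FROM = re.compile(r"^MAIL\s+FROM:\s*(.*)$", re.IGNORECASE)


def check_command(line):
    """Return (ok, reply) for one client command line.

    ok is False when the line or its argument exceeds the RFC limits; reply
    is the SMTP status a front-end would send back instead of forwarding.
    """
    raw = line.rstrip("\r\n")
    # Length check first: a server reads the line before parsing it.
    if len(raw) + 2 > MAX_COMMAND_LINE:
        return False, "500 Line too long"
    m = _HELO.match(raw)
    if m:
        if len(m.group(2)) > MAX_DOMAIN:
            return False, "501 Domain too long"
        return True, "250 OK"
    m = _MAIL_FROM.match(raw)
    if m:
        if len(m.group(1)) > MAX_PATH:
            return False, "501 Path too long"
        return True, "250 OK"
    # Other verbs are not size-checked by this example beyond the line limit.
    return True, "250 OK"


def scan_session(lines):
    """Flag every command in a transcript that fails check_command.

    Returns a list of (line_number, verb, reply) tuples for the offenders.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        ok, reply = check_command(line)
        if not ok:
            verb = line.split()[0].upper()
            findings.append((n, verb, reply))
    return findings


# Constructed sample transcript: two normal commands, then the two
# oversized arguments the advisory describes (the "two pages of a's").
SAMPLE_SESSION = [
    "HELO mail.example.test",
    "MAIL FROM:<alice@example.test>",
    "HELO " + "a" * 3000,
    "MAIL FROM: " + "a" * 3000,
]

if __name__ == "__main__":
    for n, verb, reply in scan_session(SAMPLE_SESSION):
        print(f"line {n}: {verb} rejected with {reply}")
```

Lines 3 and 4 of the sample session are rejected by the 512-octet line limit alone; a HELO or MAIL FROM argument that fits in a line but still exceeds 255 or 256 octets is caught by the per-argument checks, which is why both layers are kept.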