VULHUB ™

A vulnerability has been reported in the Microsoft Windows 2000 SMTP service and Microsoft Exchange Server Internet Mail Connector service. This issue may allow an attacker to gain unauthorized user-level access to the SMTP service on a vulnerable host. The consequences of this issue are that an attacker may potentially exploit this vulnerability to turn the server into a mail relay. Systems running Microsoft Exchange 2000 are not prone to this issue. ** The advisory on this issue released by the BindView RAZOR team states that a user connecting through a NULL session can also exploit this vulnerability. Support for NULL sessions is enabled by default. This enables anonymous users who have not authenticated through NTLM to use the server as a mail relay.

A vulnerability has been reported in the Microsoft Windows 2000 SMTP service and Microsoft Exchange Server Internet Mail Connector service. This issue may allow an attacker to gain unauthorized user-level access to the SMTP service on a vulnerable host. The consequences of this issue are that an attacker may potentially exploit this vulnerability to turn the server into a mail relay. Systems running Microsoft Exchange 2000 are not prone to this issue. ** The advisory on this issue released by the BindView RAZOR team states that a user connecting through a NULL session can also exploit this vulnerability. Support for NULL sessions is enabled by default. This enables anonymous users who have not authenticated through NTLM to use the server as a mail relay.