SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Microsoft Exchange Vendors:   Microsoft
Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
SecurityTracker Alert ID:  1003469
SecurityTracker URL:  http://securitytracker.com/id/1003469
CVE Reference:   CVE-2002-0049   (Links to External Site)
Date:  Feb 7 2002
Impact:   Disclosure of system information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Microsoft reported a vulnerability in Microsoft Exchange 2000 in the Microsoft Exchange System Attendant core component. A remote user can view the registry and may be able to make changes to the registry.

It is reported that the Microsoft Exchange System Attendant is designed to make changes to permissions on the Windows Registry to allow Exchange Administrators to remotely update Registry configuration settings. According to the vendor, the System Attendant contains a flaw that could allow a remote user to access configuration information on the server.

This flaw apparently gives the "Everyone" group privileges to access the WinReg key, which controls the ability of users and groups to remotely connect to the Registry. Only Administrators should be given this ability (in a default configuration). The key is located at:

HKEY_LOCAL_MACHINE\SYSTEM\\CurrentControlSet\Control\SecurePipeServers\winreg

Microsoft reports that it may be possible for the remote user to make changes to the Registry, depending on the permissions of the specific keys within the Registry itself.

To exploit this flaw, the remote user must be able to send SMB traffic to and from the target server.

Microsoft assigns this vulnerability a "low" risk rating for Internet and Intranet servers.

Microsoft credits Eitan Caspi for reporting this issue.

Impact:   A remote user can view registry settings. A remote user may be able to modify registry settings.
Solution:   The vendor has released a fix. Patches for Microsoft Exchange Server 2000 are available at:
http://www.microsoft.com/downloads/release.asp?ReleaseID=35462

This patch can reportedly be installed on systems running Microsoft Exchange 2000 SP2. The vendor plans to include this fix in Microsoft Exchange 2000 SP3.

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS02-003.asp (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Microsoft Security Bulletin MS01-003


Exchange 2000 System Attendant Incorrectly Sets Remote Registry
Permissions

http://www.microsoft.com/technet/security/bulletin/MS02-003.asp

Microsoft reported a vulnerability in Microsoft Exchange 2000 in the
Microsoft Exchange System Attendant core component.

It is reported that the Microsoft Exchange System Attendant is designed
to make changes to permissions on the Windows Registry to allow Exchange
Administrators to remotely update Registry configuration settings. 
According to the vendor, the System Attendant contains a flaw that could
allow a remote user to access configuration information on the server. 

This flaw apparently gives the "Everyone" group privileges to access the
WinReg key, which controls the ability of users and groups to remotely
connect to the Registry.  Only Administrators should be given this
ability (in a default configuration).  The key is located at:

HKEY_LOCAL_MACHINE\SYSTEM\\CurrentControlSet\Control\SecurePipeServers\winreg

Microsoft reports that it may be possible for the remote user to make
changes to the Registry, depending on the permissions of the specific
keys within the Registry itself.

To exploit this flaw, the remote user must be able to send SMB traffic
to and from the target server. 

Patches for Microsoft Exchange Server 2000 are available at:
           
http://www.microsoft.com/downloads/release.asp?ReleaseID=35462 

This patch can reportedly be installed on systems running Microsoft
Exchange 2000 SP2.  The vendor plans to include this fix in Microsoft
Exchange 2000 SP3. 

Microsoft credits Eitan Caspi for reporting this issue. 

Pending KB Article: Q316056

Microsoft assigns this vulnerability a "low" risk rating for Internet
and Intranet servers.

CVE: CAN-2002-0049


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC