SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Microsoft Exchange Vendors:   Microsoft
Microsoft Exchange Server RPC Processing Flaw Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1024888
SecurityTracker URL:  http://securitytracker.com/id/1024888
CVE Reference:   CVE-2010-3937   (Links to External Site)
Date:  Dec 14 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2007 SP2; and prior service packs
Description:   A vulnerability was reported in Microsoft Exchange Server. A remote authenticated user can cause denial of service conditions.

A remote authenticated user can send specially crafted RPC data to cause the target service to stop responding.

A manual restart is required to return the system to normal operations.

Exchange servers that have the Mailbox Server role are affected.

Oleksandr Mirosh (via TippingPoint's Zero Day Initiative) reported this vulnerability.

Impact:   A remote authenticated user can cause denial of service conditions on the target system.
Solution:   The vendor has issued the following fix:

Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=7b983156-9e9f-4d29-9e9b-2369747e3b62

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-106.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-106.mspx (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (2003), Windows (2008), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC