
SMTP flaws affect Windows 2000, XP

By Ana Letícia Sigvartsen
InfoSatellite.com
February 28, 2002

 

Microsoft this week reported two SMTP flaws that mainly affect users of Windows 2000 and Microsoft Exchange, as well as Windows XP. One concerns the authentication process and the other concerns the handling of data transfer requests.

The first vulnerability posted on Microsoft's security website was an authentication flaw that could allow unauthorized users to authenticate to the SMTP service. It was posted yesterday, and Microsoft began by explaining that the SMTP service installs by default as part of Windows 2000 server products and as part of the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5.

The bulletin said that the vulnerability arises in both services because of a flaw in the way they handle a valid response from the NTLM authentication layer of the underlying operating system.

Apparently, the systems do not perform additional checking before granting a user access to the service. "An attacker who exploited the vulnerability could gain only user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it," concluded the company.

Users of Microsoft Windows 2000 Server, Professional and Advanced Server can download the patch at Windows 2000 Security Patch: SMTP Rollup. Users of Exchange Server 5.5 can download it at Exchange 5.5 IMC Patch 2655.55.

The second warning relates to a malformed data transfer request that can cause the Windows SMTP service to fail. The SMTP implementations in Windows 2000, Windows XP Professional and Exchange 2000 are known to contain a flaw that could enable denial of service attacks to be mounted against the service. Microsoft said the flaw involves how the service handles a particular type of SMTP command used to transfer the data that constitutes an incoming mail. By sending a malformed version of this command, an attacker could cause the SMTP service to fail.

Users of Windows 2000 Server, Professional and Advanced Server can download the fix at Windows 2000 Security Patch: SMTP Rollup and Windows XP Professional users can do so at Windows XP Security Patch: SMTP Rollup.


(Sources: Microsoft)

