[Am-info] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
Fred A. Miller
fm@cupserv.org
Tue, 13 Aug 2002 13:37:02 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of
Service Vulnerability
BugTraq ID: 5413
Remote: Yes
Date Published: Aug 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5413
Summary:
A vulnerability has been reported for Microsoft Exchange 2000.
Allegedly, Exchange 2000 will experience a denial of service condition
when an authenticated user makes many requests. The vulnerability is due
to IIS incorrectly allocating licenses to Exchange. Making numerous,
rapid requests will exhaust available licenses granted to Exchange by
IIS.
Successful exploitation of this vulnerability will result in Exchange
not responding to further, legitimate requests for service.
This vulnerability has been reported for Microsoft Exchange 2000. It is
not known whether other versions are affected. This BID will be updated
as further information becomes available.
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro, KMail 3.0.1---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj1ZQ74ACgkQB9vk4ichYXfQkgCguLnSPA06qGN7xzvP504NH1zi
OGsAoLNLkhGc/h+OOyhc93HRLrMbL8Vg
=K7S8
-----END PGP SIGNATURE-----