theall at tenablesecurity
Dec 4, 2008, 8:23 AM
Post #2 of 2
On Dec 3, 2008, at 9:36 PM, Guillermo Trillo wrote:
Re: Exchange XEXCH50 Remote Buffer Overflow
[In reply to]
> I would like to know why I am getting this vulnerability "Exchange
> XEXCH50 Remote Buffer Overflow" on a Windows Server 2003 and an
> Exchange Server 2003.
> My understanding was that this vulnerability was applicable only to
> Exchange Server 5.5 or 2000.
MS03-046 says that their patch now requires authenticated connections
between Exchange servers in order to use an extended SMTP command such
as XEXCH50, yet the plugin seems to have been able to use it without
supplying any credentials.
To better diagnose the issue then, would you mind re-running the
plugin and sending me privately the traffic from the Exchange
server(s) flagged as vulnerable? You can do this by setting "debug" to
1 in the plugin (eg, "debug=1;") and running the plugin from the
commandline using nasl or taking a packet capture while doing a scan.
Thanks in advance,
theall [at] tenablesecurity
Nessus mailing list
Nessus [at] list