{"vuid":"VU#779163","idnumber":"779163","name":"Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes","keywords":["Microsoft","Exchange 2000","DoS","denial of service","malformed mail attribute","consume all resources","Q320436","MS02-025","RFC2821","RFC2822"],"overview":"Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.","clean_desc":"Microsoft Exchange 2000 contains a vulnerability in its handling of RFC2822 message headers. If an attacker connects directly to the Exchange server and submits a crafted message containing certain invalid headers, Exchange will consume all available CPU resources to process the message. Due to the way that messages are queued on the Exchange server, restarting the Exchange service or rebooting the server will not remove the message from the queue; it must be completely processed before the server can process any other requests.","impact":"Attackers can conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.","resolution":"Apply a patch from your vendor Microsoft has released Microsoft Security Bulletin MS02-025 to address this issue. For more information, please see http://www.microsoft.com/technet/security/bulletin/ms02-025.asp","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by researchers at the Johannes Gutenberg University in Mainz, Germany.","author":"This document was written by Jeffrey P. Lanza based on information provided by Microsoft.","public":["http://www.microsoft.com/technet/security/bulletin/ms02-025.asp","http://www.ietf.org/rfc/rfc2822.txt","http://www.securityfocus.com/bid/4881"],"cveids":["CVE-2002-0368"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-05-29T20:07:55Z","publicdate":"2002-05-29T00:00:00Z","datefirstpublished":"2002-06-05T21:31:45Z","dateupdated":"2002-12-06T20:38:04Z","revision":32,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"7","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"6.3","cam_scorecurrentwidelyknown":"7.35","cam_scorecurrentwidelyknownexploited":"9.45","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.3,"vulnote":null}