Details of VAR-199908-0031

ID

VAR-199908-0031

CVE

CVE-1999-0682

TITLE

Microsoft Exchange Server Vulnerabilities used as relay points for email

Trust: 0.8

sources: JVNDB: JVNDB-1999-000027

DESCRIPTION

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Exchange Server MTA When this server is connected to the Internet, there is a problem that allows e-mail relaying by a third party from the outside. This can be done by inserting certain characters in the email. In addition, this issue can be used to target large emails that are large enough to be heavily loaded. Exchange Processing power can be taken away by sending from the server, and as a result DoS The attack will be successful. still, Microsoft IIS (Internet Information Server) 4.0/5.0 Implemented as standard SMTP A similar problem exists for services.Please refer to the “Overview” for the impact of this vulnerability. The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. There exists no patch for the IIS SMTP service. This vulnerability poses no threat to the data or software on the server, but could allow spam to be sent from the server without the administrator's knowledge or permission, and could lead to a Denial of Service condition if the volume of the mail relayed is sufficient

Trust: 2.16

sources: NVD: CVE-1999-0682 // JVNDB: JVNDB-1999-000027 // BID: 5213 // BID: 567

AFFECTED PRODUCTS

vendor:	microsoft	model:	exchange server	scope:	eq	version:	5.5	Trust: 3.0
vendor:	microsoft	model:	exchange server sp2	scope:	eq	version:	5.5	Trust: 0.6
vendor:	microsoft	model:	exchange server sp1	scope:	eq	version:	5.5	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 5213 // BID: 567 // JVNDB: JVNDB-1999-000027 // CNNVD: CNNVD-199908-009 // NVD: CVE-1999-0682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0682
value:	MEDIUM
Trust: 1.0
NVD:	CVE-1999-0682
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-199908-009
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-1999-0682
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-1999-000027 // CNNVD: CNNVD-199908-009 // NVD: CVE-1999-0682

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-1999-000027 // NVD: CVE-1999-0682

THREAT TYPE

network

Trust: 0.6

sources: BID: 5213 // BID: 567

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199908-009

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000027

PATCH

title:	MS99-027	url:	http://www.microsoft.com/technet/security/bulletin/MS99-027.mspx	Trust: 0.8
title:	MS99-027	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS99-027.mspx	Trust: 0.8
title:	Microsoft Exchange Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113230	Trust: 0.6

sources: JVNDB: JVNDB-1999-000027 // CNNVD: CNNVD-199908-009

EXTERNAL IDS

db:	BID	id:	567	Trust: 2.7
db:	NVD	id:	CVE-1999-0682	Trust: 2.4
db:	BID	id:	5213	Trust: 1.1
db:	JVNDB	id:	JVNDB-1999-000027	Trust: 0.8
db:	CNNVD	id:	CNNVD-199908-009	Trust: 0.6

sources: BID: 5213 // BID: 567 // JVNDB: JVNDB-1999-000027 // CNNVD: CNNVD-199908-009 // NVD: CVE-1999-0682

REFERENCES

url:	http://www.securityfocus.com/bid/567	Trust: 2.4
url:	http://www.ciac.org/ciac/bulletins/j-056.shtml	Trust: 1.6
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-027	Trust: 1.6
url:	http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq237927	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0682	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0682	Trust: 0.8
url:	http://www.securityfocus.com/bid/5213	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;[ln];q237927	Trust: 0.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-027.asp	Trust: 0.3
url:	http://www.microsoft.com/technet/security/bulletin/fq99-027.asp	Trust: 0.3
url:	http://home.win2000archives.com/2000/bugs/ms_exchange__9.html	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q282/0/92.asp	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q237/9/27.asp	Trust: 0.3

sources: BID: 5213 // BID: 567 // JVNDB: JVNDB-1999-000027 // CNNVD: CNNVD-199908-009 // NVD: CVE-1999-0682

CREDITS

Discovered and reported to Microsoft by Laurent Frinking of Quark Deutschland GmbH.

Trust: 0.9

sources: BID: 567 // CNNVD: CNNVD-199908-009

SOURCES

db:	BID	id:	5213
db:	BID	id:	567
db:	JVNDB	id:	JVNDB-1999-000027
db:	CNNVD	id:	CNNVD-199908-009
db:	NVD	id:	CVE-1999-0682

LAST UPDATE DATE

2024-08-14T14:42:23.746000+00:00

SOURCES UPDATE DATE

db:	BID	id:	5213	date:	2002-07-12T00:00:00
db:	BID	id:	567	date:	1999-08-06T00:00:00
db:	JVNDB	id:	JVNDB-1999-000027	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199908-009	date:	2020-04-07T00:00:00
db:	NVD	id:	CVE-1999-0682	date:	2023-11-07T01:55:00.800

SOURCES RELEASE DATE

db:	BID	id:	5213	date:	2002-07-12T00:00:00
db:	BID	id:	567	date:	1999-08-06T00:00:00
db:	JVNDB	id:	JVNDB-1999-000027	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199908-009	date:	1999-08-06T00:00:00
db:	NVD	id:	CVE-1999-0682	date:	1999-08-06T04:00:00