PT-2002-1146 · Microsoft · Windows 2000+1

Published

2002-03-08

Updated

2020-04-09

CVE-2002-0054

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 Exchange Server 5.5

Description The issue arises from the SMTP service's improper handling of responses to NTLM authentication. This allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

Recommendations For Microsoft Windows 2000, apply the necessary security updates to address the issue. For Exchange Server 5.5, consider restricting access to the SMTP AUTH command until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294

Related Identifiers

CVE-2002-0054

Affected Products

Exchange 5.5 Server

Windows 2000

PT-2002-1146 · Microsoft · Windows 2000+1

CVE-2002-0054

Weakness Enumeration

Related Identifiers

Affected Products

References · 5