Update Protection Against Microsoft Exchange SMTP MIME Vulnerability (MS07-026)
| Check Point Reference: | CPAI-2007-094 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS07-026 | |
| Industry Reference(s): | CVE-2007-0213 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Exchange 2000 Server SP3 with the Exchange 2000 Post-SP3 Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2007 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in Microsoft Exchange Server. The Microsoft Exchange Server is an implementation of an email server capable of handling numerous Internet protocol, including the Simple Mail Transfer Protocol (SMTP). A remote attacker can exploit this issue to crash the vulnerable service or to execute arbitrary code on the target system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-026 |
|
|
Vulnerability Details The vulnerability is due to a boundary error in the Microsoft Exchange Server that fails to properly process MIME content inside email messages. Multipurpose Internet Mail Extensions (MIME) is a protocol for defining file attachments for the Web. An attacker can exploit this vulnerability via a crafted email with a MIME attachment. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected server. |
Protection Overview
By enabling this protection, SmartDefense will detect and block vulnerable MIME Attachments.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on September 18, 2007 includes the following protections:
Squid Proxy TRACE Request Denial of Service Vulnerability (CPAI-2007-084)
Microsoft Exchange Server iCal Denial of Service Vulnerability (MS07-026) CPAI-2007-081
Microsoft Exchange SMTP MIME Vulnerability (MS07-026) CPAI-2007-094
Yahoo! Widgets YDP ActiveX Control Buffer Overflow Vulnerability (CPAI-2007-105)
Multiple Trend Micro ServerProtect Buffer Overflow Vulnerabilities (CPAI-2007-106)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Mail > SMTP > Block Crafted MIME Message (MS07-026).
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: SMTP Protection Violation
Attack Information: Crafted MIME message (MS07-026)
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > SMTP.
2. Select the following protection:
Block Crafted MIME Message (MS07-026)
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: SMTP Protection Violation
Attack Information: Crafted MIME message (MS07-026)
Connectra NGX R62 & R61
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:
Block Crafted MIME Message (MS07-026)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:
Attack Name: SMTP Protection Violation
Attack Information: Crafted MIME message (MS07-026)