Update: NNTP Vulnerability Extended to Exchange 2000
Microsoft Corp. on Wednesday night updated a security warning involving its NNTP service to extend the list of affected servers to include Exchange 2000.
The original bulletin, issued Tuesday night, identified the affected products as Windows 2000 Server and Windows NT 4.0 Server.
The bug involves the Network News Transport Protocol (NNTP).
Because of a memory leak in NNTP, an attacker sending malformed NNTP posts can bring down the server in a Denial-of-Service attack. Short of installing the patch, an administrator could fix the problem by restarting the IISAdmin service.
Limiting the scope of the vulnerability was the way NNTP had to be installed on Windows servers. On Windows NT 4.0 Servers, users had to manually select and install NNTP from the Option Pack. The service is native to Windows 2000, but is not installed by default, according to Microsoft.
But Exchange 2000 installs NNTP because it is configured by default to accept NNTP posts.
“Exchange 2000 leverages the Windows 2000 NNTP service, so any Exchange 2000 servers offering NNTP need the Windows 2000 patch,” Scott Culp, the program manager for Microsoft’s Security Response Center, told ENT.
Windows NT 4.0 Server, Windows 2000 Server and Exchange 2000 all use the same implementation of the NNTP service. Exchange 5.5 Server had its own implementation, which does not share the memory leak problem.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.