Vulnerability Description
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 5.5 |
| Microsoft | Windows 2000 | - |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=101501580409373&w=2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/4205PatchThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-01PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=101501580409373&w=2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/4205PatchThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-01PatchVendor Advisory
FAQ
What is CVE-2002-0054?
CVE-2002-0054 is a vulnerability with a CVSS score of 7.5 (HIGH). SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perf...
How severe is CVE-2002-0054?
CVE-2002-0054 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0054?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server, Microsoft Windows 2000.