DOCUMENT:Q167710 25-APR-1999 [exchange] TITLE :XCLN: POP and IMAP Security Issues PRODUCT :Microsoft Exchange PROD/VER:WINDOWS:4.0,5.0;Win95:4.0,5.0;WinNT:4.0,5.0 OPER/SYS: KEYWORDS:kbusage ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Macintosh client, versions 4.0, 5.0 - Microsoft Exchange MS-DOS client, versions 4.0, 5.0 - Microsoft Exchange Windows 3.x client, versions 4.0, 5.0 - Microsoft Exchange Windows 95/98 client, versions 4.0, 5.0 - Microsoft Exchange Windows NT client, versions 4.0, 5.0 ------------------------------------------------------------------------------- The Computer Emergency Response Team Coordination Center (CERT/CC) recently released a warning memorandum that stated that certain implementations of Post Office Protocol (POP) and Internet Mail Access Protocol (IMAP) mail were vulnerable to a "Root Level" attack from outside agents. (Agents here means users or software designed to maliciously attack a foreign server or mail system.) Microsoft Exchange Clients are not vulnerable to such attacks. This kind of attack or security breach is only possible under certain iterations of the UNIX operating system; the problem is due to the way file and user access are offered. Because Microsoft Exchange Server is based on the Windows NT Server operating system, our products are not vulnerable to such attacks. For more information, please go to the following URL http://www.cert.org/ and view the following bulletin: CERT* Advisory CA-97.09 Original issue date: April 7, 1997 Last revised: April 18, 1997 ====================================================================== Keywords : kbusage Technology : kbHWMAC kbOSMAC kbExchangeSearch kbExchange500 kbExchange400 kbExchangeClientSearch kbZNotKeyword kbZNotKeyword2 kbZNotKeyword3 kbExchange400DOS kbExchange500DOS kbExchange500Mac kbExchange400Mac kbExchange400NT kbExchange500NT kbExchange400Win95 kbExchange500Win95 Version : WINDOWS:4.0,5.0;Win95:4.0,5.0;WinNT:4.0,5.0 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 1999.