Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
BID:1958
Info
Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| Bugtraq ID: | 1958 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 16 2000 12:00AM |
| Updated: | Nov 16 2000 12:00AM |
| Credit: | Publicized in a Microsoft Security Bulletin (MS00-088) on November 16, 2000. |
| Vulnerable: |
Microsoft Exchange Server 2000 |
| Not Vulnerable: | |
Discussion
Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
Microsoft Exchange 2000 Server is a messaging and collaboration application designed specifically for Windows 2000.
During the installation of Exchange 2000 Server, the user account EUSR_EXSTOREEVENT is automatically created. It is assigned a simple hard coded password and the privilege level the account possesses depends on what type of server Exchange is installed on. If Exchange is installed on a member server, the EUSR_EXSTOREEVENT would have the same privileges equivalent to a normal local user. However, if it is installed on a domain controller, the account would possess Domain User rights which would heighten the impact a malicious user may have because their actions may span across an entire domain.
A remote intruder could log onto Exchange 2000 Server if they were aware of the username and password. Successful exploitation would grant the user access to files that the EUSR_EXSTOREEVENT account had read, write, and execute permissions to. The malicious user may also install other programs or exploit other vulnerabilities in order to aid them in escalating their privilege level.
Microsoft Exchange 2000 Server is a messaging and collaboration application designed specifically for Windows 2000.
During the installation of Exchange 2000 Server, the user account EUSR_EXSTOREEVENT is automatically created. It is assigned a simple hard coded password and the privilege level the account possesses depends on what type of server Exchange is installed on. If Exchange is installed on a member server, the EUSR_EXSTOREEVENT would have the same privileges equivalent to a normal local user. However, if it is installed on a domain controller, the account would possess Domain User rights which would heighten the impact a malicious user may have because their actions may span across an entire domain.
A remote intruder could log onto Exchange 2000 Server if they were aware of the username and password. Successful exploitation would grant the user access to files that the EUSR_EXSTOREEVENT account had read, write, and execute permissions to. The malicious user may also install other programs or exploit other vulnerabilities in order to aid them in escalating their privilege level.
Exploit / POC
Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
At this time, the password for the EUSR_EXSTOREEVENT account is not known by the staff at SecurityFocus <[email protected]>. Please see the Discussion for further details regarding this vulnerability.
At this time, the password for the EUSR_EXSTOREEVENT account is not known by the staff at SecurityFocus <[email protected]>. Please see the Discussion for further details regarding this vulnerability.
Solution / Fix
Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
Solution:
Microsoft has provided instructions on how to disable the EUSER_EXSTOREEVENT user account. Please see the following knowledge base article for further information:
http://www.microsoft.com/technet/support/kb.asp?ID=278523
In addition, Microsoft has released the following tool which automates the process detailed in the knowledge base article:
Microsoft Exchange Server 2000
Solution:
Microsoft has provided instructions on how to disable the EUSER_EXSTOREEVENT user account. Please see the following knowledge base article for further information:
http://www.microsoft.com/technet/support/kb.asp?ID=278523
In addition, Microsoft has released the following tool which automates the process detailed in the knowledge base article:
Microsoft Exchange Server 2000
References
Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
References:
References: