Re: OT: Exchange (Was Re: OpenVMS - When downtime is not an option)



On Wed, 04 Jul 2007 07:13:56 -0700, <david20@xxxxxxxxxxxxxxxx> wrote:

In article <op.tuxztedb8vlggw@xxxxxxxxxxxxxx>, "Tom Linden" <tom-remove@xxxxxxxxxx> writes:
On Wed, 04 Jul 2007 05:30:16 -0700, <david20@xxxxxxxxxxxxxxxx> wrote:

In article <h8SdnWZlQ7mWVRfbnZ2dnUVZ_vmqnZ2d@xxxxxxxxxxxxxxxxxxxxxxxx>,
Bill Todd <billtodd@xxxxxxxxxxxxx> writes:
Main, Kerry wrote:

....

If the design and/or architecture of the OS platform allows an
application bug to provide access to protected data and/or provides
elevated rights on the system, does it matter if it is an application
or kernel OS issue?

Clearly, that would be an OS bug (or at least a serious design flaw, if
indeed it were intentional rather than inadvertent) - *if* it had been
the case in this instance.

It was not: the bugs *only* affected Exchange Server. If Exchange
Server was designed such that it had to execute in a privileged
environment (such that once compromised itself it could compromise other
parts of the system as you describe above), rather than designed
modularly such that at most a few critical parts of it might require
privilege (certainly not including the parsing functions that these bugs
affected) and the rest could run unprivileged, that was an *Exchange
Server* design flaw, not a Windows flaw.


What is this "IF" ?

From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx


"An attacker who successfully exploited this vulnerability could take
complete control of the affected system. An attacker could then install
programs; view, change or delete data; or create new accounts with full
user rights"

Obviously this means that the codepath executed by the bug must run at a
high privilege level. Whether that is because Exchange is running with
higher privileges than it really needs because of bad design and
implementation or whether it is doing something which requires it to have
high privileges at that point in time is not something easily judged
without access to the design documents and/or source of Exchange.

If as you seem to believe it is bad design and implementation in Exchange
causing it to run at higher privileges than needed then it is down to
those designing and programming Exchange at Microsoft. However Exchange is
a Microsoft product and those same designers and programmers have probably
also worked on the OS code during their careers and have had their code
reviewed by the same quality control people.

Also similar bugs affect lots of Microsoft products which also result in
an attacker gaining complete control of the system. Hence similar comments
apply to all those involved with the design and programming of those
products.

Hence either we have all these Microsoft designers and programmers making
similar mistakes (i.e. unnecessarily running their code with elevated
privileges when parsing input data) for all these Microsoft Applications
but not making any mistakes in the OS or we have major problems in the OS
which the application programmers have trouble avoiding when writing their
code.


As an aside, which I find disturbing, 3 of the 4 banks where I keep
accounts use Exchange for the front-ends, and this is for online banking!
Fortunately they are local so I can drive to them.

Do you mean that they are the banks' main internet connected mail servers,
i.e. the systems referred to in the banks' MX records?

I'm not sure what the position is with Exchange 2007 but for previous versions
of Exchange Microsoft recommended placing it on the internal network and having
something else directly connected to the internet proxying the mail to it.
Many organisations used a UNIX (or in some cases a VMS system running PMDF)
as the directly connected system though Microsoft would recommend routing
everything through their ISA proxy server/firewall product.

Well, now I am not sure, it was quite some time ago I looked at it using
http://www.rjlsoftware.com/software/internet/iserver/default.shtml
However, they apparently don't look up https sites, so I couldn't now tell.

This was not for mail, but online banking. Some smaller banks outsource their
online banking it appears, e.g.,

http://www.rjlsoftware.com/software/internet/iserver/submit.cfm?Server=www.gfswebbank.com


David Webb
Security team leader
CCSS
Middlesex University




David Webb
Security team leader
CCSS
Middlesex University


- bill



--
PL/I for OpenVMS
www.kednos.com



--
PL/I for OpenVMS
www.kednos.com