The SMTP protocol requires a MAIL FROM and a RCPT TO command for each e-mail message, to specify the sender and the recipient of the message. Normally, either the sender or the recipient of the message is a local user. If this is not the case, the server could be used as a mail relay, a host which routes a message from one host to another without being the originator or destination itself.
3/8/02
CVE 2002-0055
By sending a malformed version of a particular SMTP
command to the server, it is possible for a remote attacker to
cause the mail service to crash, and thus stop responding to
legitimate requests. Depending upon the system configuration,
it could also be possible to crash IIS services as well.
3/8/02
7/19/01
CVE 2001-0504
CVE 2002-0054
Due to two authentication flaws in the mail service, it
could be possible for a remote attacker to gain access
to the service without providing the proper authentication.
This vulnerability would not allow an attacker to gain
access to the underlying operating system or other services, or
to perform administrative actions on the mail service, but
it could allow an attacker to perform user-level actions
on the mail service, such as mail relaying. That is, the
mail server can be used to send any volume of messages with
arbitrary sender and recipient fields, which greatly facilitates
the spread of e-mail spam.
Note that the first variation of this vulnerability is only
exploitable on standalone servers, and not on servers which
are members of a domain. Also, Microsoft Exchange servers
are not affected because they correctly handle authentication
to the SMTP service.