Blocking Null Prefix in DNS MX Records
 |
 |
 |
 |
 |
A denial of service vulnerability has been reported in the way that Microsoft Windows Simple Mail Transfer Protocol (SMTP) component handles specially crafted DNS Mail Exchanger (MX) resource records. A remote attacker may trigger this vulnerability via a specially crafted DNS request with a null prefix in the MX record. Successful exploitation of this issue could cause the affected system to stop accepting requests.
The mail exchange (MX) resource record specifies a mail exchange server for a DNS domain name. The vulnerability is due to an error in the Microsoft Windows SMTP component that incorrectly parses specially crafted DNS Mail Exchanger (MX) records. Successful exploitation of this issue will create a denial of service condition, causing the SMTP service to stop responding until restarted.
Check Point provides immediate protection against this vulnerability through its integrated IPS offerings. Check Point SmartDefense and the IPS Software Blade detect and block attempts to use a null prefix in DNS MX records. For more information, see SBP-2010-16.