
CERT-In Vulnerability Note CIVN-2007-84
Microsoft Windows Active Directory Vulnerabilities

Original Issue Date: July 11, 2007

Severity Rating: High

Systems Affected

  • Windows 2000 Server Service Pack 4
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

Overview

Two vulnerabilities have been reported in Windows Active Directory. Successful exploitation of one of these vulnerabilities may compromise a vulnerable system and give the attacker complete control of it.

Description

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol that enables authorized users to query or modify the data in a meta directory. In Windows Server 2000 and Windows Server 2003, LDAP is one of the protocols used to access data in Active Directory.

By sending a specially crafted LDAP request containing a larger-than-expected number of convertible attributes, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

1) Windows Active Directory Remote Code Execution Vulnerability (CVE-2007-0040)

This is a remote code execution vulnerability caused by the LDAP service performing insufficient checks on the number of convertible attributes included in an LDAP request.

On Windows Server 2003, the attacker must have valid authentication credentials to exploit this vulnerability.

Successful exploitation of this vulnerability could provide complete control of an affected system remotely.

2) Windows Active Directory Denial of Service Vulnerability (CVE-2007-3028)

This is a denial of service vulnerability caused by the LDAP service performing insufficient checks on the number of convertible attributes included in an LDAP request.

Successful exploitation of this vulnerability could cause the affected system to stop responding.


Workarounds:

  • Block TCP ports 389 and 3268 in both the inbound and outbound directions
  • Use Internet Protocol Security (IPSec) to help protect network communications
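
One way to confirm that the port-blocking workaround is in effect, run from a host on the far side of the filter. This is an added example, not part of the CERT-In note or the Microsoft bulletin; the function names and the sample addresses are assumptions.

```python
import socket

# Ports named in the workaround: LDAP (389) and Global Catalog LDAP (3268).
AD_LDAP_PORTS = (389, 3268)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the port is not blocked
    except ConnectionRefusedError:
        return "closed"          # connection refused (RST): nothing accepted it
    except (socket.timeout, OSError):
        return "filtered"        # no answer or unreachable: consistent with a drop rule


def exposed_ports(hosts, ports=AD_LDAP_PORTS, timeout=2.0):
    """Return {host: [ports still accepting connections]} for hosts that fail the check."""
    report = {}
    for host in hosts:
        still_open = [p for p in ports if probe(host, p, timeout) == "open"]
        if still_open:
            report[host] = still_open
    return report


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); replace with your own domain controllers.
    domain_controllers = ["192.0.2.10", "192.0.2.11"]
    for host, ports in exposed_ports(domain_controllers).items():
        print(f"{host}: LDAP still reachable on TCP {ports}")
```

An empty result means none of the listed hosts accepted a connection on either port from the vantage point where the script ran.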

Solution

Apply the appropriate updates as described in Microsoft Security Bulletin MS07-039.

Vendor information

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx

 
References

Secunia:
http://secunia.com/advisories/26002/

Security Tracker:
http://securitytracker.com/alerts/2007/Jul/1018355.html

FrSirt:
http://www.frsirt.com/english/advisories/2007/2481

SecurityFocus:
http://www.securityfocus.com/bid/24800

ISS:
http://xforce.iss.net/xforce/xfdb/35179

CVE Name:
CVE-2007-0040
CVE-2007-3028

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003