CERT-In Vulnerability Note CIVN-2008-161
Microsoft Windows Active Directory Buffer Overflow Vulnerability

Original Issue Date: October 16, 2008

Severity Rating: High

Systems Affected

  • Microsoft Windows 2000 Server Service Pack 4

Overview

A remote code execution vulnerability has been reported in the implementation of Active Directory on Microsoft Windows 2000 Server. Successful exploitation could allow an attacker to take complete control of the affected system.

Description

Active Directory provides central authentication and authorization services for Windows-based computers.

Lightweight Directory Access Protocol (LDAP) is an open network protocol standard designed to provide access to distributed directories. LDAP traffic can be secured with Secure Sockets Layer (SSL) / Transport Layer Security (TLS) by enabling LDAP over SSL (LDAPS) and installing a properly formatted certificate from either a Microsoft certification authority (CA) or a non-Microsoft CA.

The vulnerability is due to incorrect allocation of memory by the LDAP service when it handles specially crafted LDAP requests.

Processing a malformed LDAP request could trigger a memory error in the affected component. This could either cause a denial-of-service condition, in which the system automatically restarts to recover from the error, or allow arbitrary code to run, giving the attacker complete control of the affected system.

Workaround

  • Block TCP ports 389 (LDAP) and 636 (LDAPS) at the perimeter firewall
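
To confirm that the workaround is in effect, the following added example (not part of the CERT-In note) checks from a host outside the perimeter whether TCP ports 389 and 636 on a domain controller still accept connections. The host name `dc.example.test` is a placeholder, and `probe` and `check_workaround` are names chosen for this example.

```python
import socket
import sys

# Ports named in the workaround.
LDAP_PORTS = {389: "LDAP", 636: "LDAPS"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this script.

    open        - handshake completed: the port is reachable, not blocked
    closed      - connection refused: no listener, or a firewall reject rule
    filtered    - no reply before the timeout: packets are being dropped
    unreachable - the network stack reported no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except socket.gaierror:
        raise  # a name that does not resolve says nothing about the firewall
    except OSError:
        return "unreachable"


def check_workaround(host, ports=LDAP_PORTS, timeout=3.0):
    """Return (results, exposed): state per port, and the ports still open."""
    results = {port: probe(host, port, timeout) for port in ports}
    exposed = sorted(p for p, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Placeholder target; pass the externally visible name of your own server.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc.example.test"
    results, exposed = check_workaround(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port}/tcp ({LDAP_PORTS[port]}): {state}")
    # Non-zero exit status when either port is still reachable from here.
    sys.exit(1 if exposed else 0)
```

A result of `filtered` or `closed` on both ports from an external vantage point is consistent with the block being in place; `open` on either port means LDAP is still reachable from where the script ran.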

Solution

Apply the appropriate patch as mentioned in Microsoft Security Bulletin MS08-060.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-060.mspx

References

Secunia
http://secunia.com/advisories/32242/

SecurityTracker
http://securitytracker.com/alerts/2008/Oct/1021042.html

SecurityFocus
http://www.securityfocus.com/bid/31609/

FrSIRT
http://www.frsirt.com/english/advisories/2008/2811

CVE name
CVE-2008-4023

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003