

   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-82
Microsoft Active Directory Remote Denial of Service

Original Issue Date: June 12, 2008

Severity Rating: Medium

Systems Affected

  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition SP2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Professional Service Pack 3
  • Windows XP Professional Service Pack 2
  • Microsoft Windows 2000 Server Service Pack 4

Component Affected

  • Active Directory (AD)
  • Active Directory Application Mode (ADAM)
  • Active Directory Lightweight Directory Services (AD LDS)

Overview

A vulnerability has been reported in Microsoft Active Directory that could allow a remote user to execute arbitrary code and to take complete control of an affected system.

Description

The Lightweight Directory Access Protocol (LDAP) is an application protocol, running over TCP/IP, for querying and modifying directory services.

Active Directory, which is built on the LDAP protocol, is Microsoft's centralized and standardized directory service. It automates network management of user data, security, and distributed resources, and enables interoperation with other directories, primarily for Windows-based computers in Windows environments.

Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode (ADAM), is a lightweight implementation of Active Directory. It shares its code base with Active Directory and provides the same functionality, but does not require the creation of domains or domain controllers.

A denial of service vulnerability exists in Microsoft's Active Directory. It is caused by an input validation error in the processing of LDAP requests. A specially crafted LDAP packet sent to an Active Directory, Active Directory Application Mode (ADAM), or AD LDS server can cause a vulnerable system to stop responding and automatically restart.

Workaround

  • Block TCP ports 389 and 3268 at the perimeter firewall

Solution

Apply the appropriate patches as described in Microsoft Security Bulletin MS08-035.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/1782

SecurityLab
http://en.securitylab.ru/notification/354533.php

Secunia
http://secunia.com/advisories/30586

SecurityTracker
http://securitytracker.com/alerts/2008/Jun/1020229.html

SecurityFocus
http://www.securityfocus.com/bid/29584

CVE Name
CVE-2008-1445

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003