Vigil@nce: Windows, denial of service of Active Directory
November 2009 by Vigil@nce
An attacker can send a malicious LDAP/LDAPS query in order to cause a denial of service in Active Directory.
Consequences: denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/11/2009
Microsoft Windows 2000
Microsoft Windows 2003
Microsoft Windows 2008
Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
Active Directory and its components can be installed on:
Windows 2000, 2003, 2008: Active Directory
Windows XP, 2003: ADAM (Active Directory Application Mode)
Windows 2008: AD LDS (Active Directory Lightweight Directory Service)
Active Directory handles LDAP queries (389/tcp and 3268/tcp) or LDAPS queries (636/tcp and 3269/tcp).
An attacker can send a malformed LDAP/LDAPS query, which triggers a recursive function call and blocks the AD. The attacker has to be authenticated, unless the AD is installed on Windows 2000.
An attacker can therefore send a malicious LDAP/LDAPS query in order to cause a denial of service in Active Directory.
Identifiers: 973309, BID-36918, CVE-2009-1928, MS09-066,