Vigil@nce: Windows, denial of service of Active Directory
November 2009 by Vigil@nce
An attacker can use a malicious LDAP/LDAPS query, in order to
generate a denial of service in the Active Directory.
– Severity: 2/4
– Consequences: denial of service of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 12/11/2009
IMPACTED PRODUCTS
– Microsoft Windows 2000
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The Active Directory and its components can be installed on
Windows:
– Windows 2000, 2003, 2008: Active Directory
– Windows XP, 2003: ADAM (Active Directory Application Mode)
– Windows 2008: AD LDS (Active Directory Lightweight Directory
Services)
The Active Directory handles queries from LDAP (389/tcp and
3268/tcp) or LDAPS (636/tcp and 3269/tcp).
An attacker can send a malformed LDAP/LDAPS query which triggers
a recursive function call and hangs the AD. The attacker has to be
authenticated, unless the AD is installed on Windows 2000.
An attacker can therefore use a malicious LDAP/LDAPS query, in
order to generate a denial of service in the Active Directory.
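As an added example (not part of the Vigil@nce advisory), the following PowerShell script inventories the domain controllers of the current domain and reports which ones still expose the LDAP/LDAPS ports named above while lacking the MS09-066 hotfix (KB973309). It assumes it runs from a domain-joined administration host with WMI/RPC access to each DC; the `Test-TcpPort` helper and the `Exposed` column are this example's own constructs.

```powershell
# Added example: MS09-066 / KB973309 exposure check for domain controllers.
# Assumption: run from a domain-joined host with WMI access to every DC.
param(
    # Hotfix id from the advisory (identifier 973309, MS09-066).
    [string]$HotfixId = 'KB973309',
    # Ports from the advisory: LDAP 389/3268, LDAPS 636/3269.
    [int[]]$Ports = @(389, 636, 3268, 3269)
)

# Returns $true when a TCP connection to the port succeeds within the timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# Enumerate DCs of the current domain without needing the ActiveDirectory module.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.DomainControllers) {
    $name = $dc.Name

    # Get-HotFix reads Win32_QuickFixEngineering over WMI; when the hotfix is
    # absent it raises an error, which we treat as "not installed".
    $patched = $false
    try {
        $hf = Get-HotFix -Id $HotfixId -ComputerName $name -ErrorAction Stop
        $patched = ($hf -ne $null)
    } catch { $patched = $false }

    # Which of the advisory's LDAP/LDAPS ports actually accept connections.
    $open = @($Ports | Where-Object { Test-TcpPort -ComputerName $name -Port $_ })

    New-Object PSObject -Property @{
        DomainController = $name
        OSVersion        = $dc.OSVersion
        HotfixInstalled  = $patched
        OpenLdapPorts    = ($open -join ',')
        # Unpatched and reachable on at least one LDAP/LDAPS port.
        Exposed          = ((-not $patched) -and ($open.Count -gt 0))
    }
}
```

ADAM and AD LDS instances on member servers are not domain controllers and would need to be added to the host list separately.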
CHARACTERISTICS
– Identifiers: 973309, BID-36918, CVE-2009-1928, MS09-066,
VIGILANCE-VUL-9186
– Url: http://vigilance.fr/vulnerability/Windows-denial-of-service-of-Active-Directory-9186