Microsoft Active Directory LDAP Validation Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020229 |
|
SecurityTracker URL: http://securitytracker.com/id/1020229
|
|
CVE Reference:
CVE-2008-1445
(Links to External Site)
|
Updated: Jun 14 2008
|
Original Entry Date: Jun 10 2008
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Microsoft Active Directory. A remote user can cause denial of service conditions.
A remote user can send specially crafted LDAP packets to cause the target system to stop responding and automatically restart.
Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS) are also affected.
Alex Matthews and John Guzik of Securify reported this vulnerability.
|
Impact:
A remote user can cause the target system to stop responding and automatically restart.
|
Solution:
The vendor has issued a fix. A patch matrix is available in the vendor's advisory.
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:
http://www.microsoft.com/technet/security/advisory/954474.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-035.mspx (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 10 Jun 2008 15:20:43 -0400
Subject: Microsoft Security Bulletin MS08-035 Important: Vulnerability in Active Directory Could Allow Denial of Service (953235)
|
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
CVE-2008-1445
|
|
