Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Directory)  >   Microsoft Active Directory Vendors:   Microsoft
Microsoft Active Directory LDAP Validation Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1020229
SecurityTracker URL:
CVE Reference:   CVE-2008-1445   (Links to External Site)
Updated:  Jun 14 2008
Original Entry Date:  Jun 10 2008
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Active Directory. A remote user can cause denial of service conditions.

A remote user can send specially crafted LDAP packets to cause the target system to stop responding and automatically restart.

Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS) are also affected.

Alex Matthews and John Guzik of Securify reported this vulnerability.

Impact:   A remote user can cause the target system to stop responding and automatically restart.
Solution:   The vendor has issued a fix. A patch matrix is available in the vendor's advisory.

A restart is required.

The Microsoft advisory is available at:

On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
Underlying OS Comments:  2000 SP4, 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC