Microsoft Active Directory SPN Collisions May Let Remote Authenticated Users Deny Service
SecurityTracker Alert ID: 1025042
SecurityTracker URL: http://securitytracker.com/id/1025042
CVE Reference: CVE-2011-0040
Date: Feb 9 2011
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in Microsoft Active Directory. A remote authenticated user can cause denial of service conditions.
The system does not properly validate service principal name (SPN) values. A remote authenticated user can send specially crafted data to cause the target system to downgrade from Kerberos to NT LAN Manager (NTLM) and potentially cause the service to stop responding.
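As an added example (not part of this advisory or of the vendor's fix), the following Python audits an LDIF export of account `servicePrincipalName` attributes for values registered on more than one account. It assumes that a collision means the same SPN, compared case-insensitively, held by two or more accounts; the sample directory data and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample in LDIF form (one folded line, one base64 value); not real data.
SAMPLE_LDIF = """\
dn: CN=SQL01,OU=Servers,DC=example,DC=test
servicePrincipalName: MSSQLSvc/sql01.example.
 test:1433
servicePrincipalName: HOST/sql01.example.test

dn: CN=svc-web,OU=Service Accounts,DC=example,DC=test
servicePrincipalName: HTTP/www.example.test
servicePrincipalName: mssqlsvc/SQL01.example.test:1433

dn: CN=WEB01,OU=Servers,DC=example,DC=test
servicePrincipalName: HOST/web01.example.test
servicePrincipalName:: SFRUUC93d3cuZXhhbXBsZS50ZXN0
"""

def parse_ldif_spns(text):
    """Yield (dn, spn) pairs, unfolding continuation lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF folding: append to previous line
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):   # blank line, comment or junk
            continue
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attr, value = attr.lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "serviceprincipalname" and dn:
            yield dn, value

def find_spn_collisions(text):
    """Return {lower-cased SPN: sorted DNs} for SPNs held by more than one account."""
    holders = defaultdict(set)
    for dn, spn in parse_ldif_spns(text):
        holders[spn.lower()].add(dn)          # assumption: case-insensitive match
    return {spn: sorted(dns) for spn, dns in holders.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_spn_collisions(SAMPLE_LDIF).items():
        print(f"DUPLICATE SPN {spn}: {'; '.join(dns)}")
```

Each reported SPN should be left on exactly one account; which account is the legitimate holder has to be decided from the service's actual configuration.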
Impact:
A remote authenticated user can cause denial of service conditions on the target system.
Solution:
The vendor has issued the following fixes:
Windows Server 2003 Service Pack 2, Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=651C1F4F-4E69-4D17-8AA2-72681DFC5463
Windows Server 2003 x64 Edition Service Pack 2, Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=EC962B0E-E951-4E70-8D97-8C2AFD360C28
Windows Server 2003 with SP2 for Itanium-based Systems, Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=4AC66EAE-E6D8-4E8B-B4EA-E7A77CC74DB0
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-005.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-005.mspx
Cause:
State error
Underlying OS: Windows (2003)
Underlying OS Comments: 2003 SP2
Message History:
None.