Executive Summary

Summary
Title Microsoft Windows Active Directory fails to properly validate client sent LDAP requests
Informations
Name VU#348953 First vendor Publication 2007-07-11
Vendor VU-CERT Last vendor Modification 2007-07-11
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#348953

Microsoft Windows Active Directory fails to properly validate client sent LDAP requests

Overview

Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition.

I. Description

Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes in the client-sent request. By sending a specially crafted LDAP request to a server running Active Directory, an attacker may be able to cause the server to stop responding.

II. Impact

A remote attacker may be able to cause a denial of service condition.

III. Solution

Apply an Update

Microsoft has released updates in Microsoft Security Bulletin MS07-039 to address this issue.

Workaround

Microsoft suggests blocking port 389/tcp and port 3268/tcp at the firewall to prevent exploitation of this vulnerability. Please see Microsoft Security Bulletin MS07-039 for further information.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable10-Jul-2007

References


http://www.microsoft.com/technet/security/bulletin/ms07-039.mspx

Credit

This vulnerability was reported in Microsoft Security Bulletin MS07-039. Microsoft credits Peter Winter-Smith of NGSSoftware for reporting the vulnerability to them.

This document was written by Katie Steiner.

Other Information

Date Public07/10/2007
Date First Published07/11/2007 04:06:22 PM
Date Last Updated07/11/2007
CERT Advisory 
CVE NameCVE-2007-3028
Metric0.39
Document Revision7

Original Source

Url : http://www.kb.cert.org/vuls/id/348953

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1856
 
Oval ID: oval:org.mitre.oval:def:1856
Title: Windows Active Directory Denial of Service Vulnerability
Description: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
Family: windows Class: vulnerability
Reference(s): CVE-2007-3028
 Version: 1
Platform(s): Microsoft Windows 2000
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
35961 Microsoft Windows Active Directory LDAP Service Crafted Request Remote DoS

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Active Directory crafted LDAP request denial of service att...
RuleID : 15944 - Revision : 8 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2007-07-11 Name : It is possible to execute code on the remote host.
File : smb_kb926122.nasl - Type : ACT_GATHER_INFO
2007-07-10 Name : It is possible to execute code on the remote host.
File : smb_nt_ms07-039.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-05-08 13:28:02
  • Multiple Updates
2013-05-11 12:26:34
  • Multiple Updates