Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-1138 | First vendor Publication | 2009-06-10 |
Vendor | Cve | Last vendor Modification | 2019-04-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1138 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6180 | |||
Oval ID: | oval:org.mitre.oval:def:6180 | ||
Title: | Active Directory Invalid Free Vulnerability | ||
Description: | The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1138 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-11 | Name : Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805) File : nvt/secpod_ms09-018.nasl |
2009-06-10 | Name : Microsoft IIS Security Bypass Vulnerability (970483) File : nvt/secpod_ms09-020.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54937 | Microsoft Windows Active Directory Crafted LDAP(S) Request Hexdecimal DN Attr... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Active Directory LDAP denial of service attempt RuleID : 15527 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | Active Directory invalid OID denial of service attempt RuleID : 15522 - Revision : 8 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Di... File : smb_nt_ms09-018.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:09:21 |
|
2021-04-22 01:09:41 |
|
2020-05-23 00:23:34 |
|
2019-04-30 21:19:20 |
|
2018-10-13 00:22:48 |
|
2017-09-29 09:24:09 |
|
2016-06-28 17:38:45 |
|
2016-04-26 18:44:00 |
|
2014-02-17 10:49:29 |
|
2014-01-19 21:25:49 |
|
2013-05-10 23:47:51 |
|