Executive Summary
Summary | |
---|---|
Title | Vulnerability in Active Directory Could Allow Denial of Service (946538) |
Informations | |||
---|---|---|---|
Name | MS08-003 | First vendor Publication | 2008-02-12 |
Vendor | Microsoft | Last vendor Modification | 2008-02-12 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
This important security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5181 | |||
Oval ID: | oval:org.mitre.oval:def:5181 | ||
Title: | Windows Active Directory Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0088 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 2 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41461 | Microsoft Active Directory / ADAM Malformed LDAP Request Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Active Directory LDAP query handling denial of service RuleID : 16433 - Revision : 3 - Type : EXPLOIT |
2014-01-10 | Microsoft Active Directory LDAP query DoS attempt RuleID : 16202 - Revision : 2 - Type : WEB-MISC |
2014-01-10 | Microsoft Active Directory LDAP denial of service attempt RuleID : 13475 - Revision : 13 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-02-12 | Name : It is possible to crash Active Directory on the remote host. File : smb_nt_ms08-003.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:51 |
|
2014-01-19 21:30:09 |
|
2013-05-11 00:49:17 |
|