Executive Summary
Summary | |
---|---|
Title | Vulnerability in Active Directory Could Allow Denial of Service (953235) |
Informations | |||
---|---|---|---|
Name | MS08-035 | First vendor Publication | 2008-06-10 |
Vendor | Microsoft | Last vendor Modification | 2008-06-10 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4910 | |||
Oval ID: | oval:org.mitre.oval:def:4910 | ||
Title: | Windows Active Directory Denial of Service Vulnerability | ||
Description: | Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1445 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-01-18 | Name : Microsoft Active Directory Denial of Service Vulnerability (953235) File : nvt/gb_ms08-035.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46066 | Microsoft Windows Active Directory LDAP Request Processing Remote DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-06-12 | IAVM : 2008-A-0041 - Microsoft Active Directory Denial of Service Vulnerability Severity : Category I - VMSKEY : V0016040 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Active Directory LDAP cookie denial of service attempt RuleID : 13835 - Revision : 12 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-06-12 | Name : It is possible to crash Active Directory on the remote host. File : smb_nt_ms08-035.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:59 |
|
2014-01-19 21:30:12 |
|
2013-11-11 12:41:08 |
|
2013-05-11 00:49:20 |
|