Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
| Informations | |||
|---|---|---|---|
| Name | MS09-018 | First vendor Publication | 2009-06-09 |
| Vendor | Microsoft | Last vendor Modification | 2009-06-17 |
| Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (June 17, 2009): Listed Microsoft Windows 2000 Professional Service Pack 4, all supported editions of Windows Vista, and all supported versions of Windows Server 2008 for Itanium-based Systems as non-affected software. Also, clarified which ports are used by the Global Catalog server in the Block TCP ports workaround for CVE-2009-1139. This is an informational change only.Summary: This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-018.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6180 | |||
| Oval ID: | oval:org.mitre.oval:def:6180 | ||
| Title: | Active Directory Invalid Free Vulnerability | ||
| Description: | The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1138 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6253 | |||
| Oval ID: | oval:org.mitre.oval:def:6253 | ||
| Title: | Active Directory Memory Leak Vulnerability | ||
| Description: | Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1139 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Os | 1 | |
| Os | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-06-11 | Name : Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805) File : nvt/secpod_ms09-018.nasl |
| 2009-06-10 | Name : Microsoft IIS Security Bypass Vulnerability (970483) File : nvt/secpod_ms09-020.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54938 | Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS |
| 54937 | Microsoft Windows Active Directory Crafted LDAP(S) Request Hexdecimal DN Attr... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows Active Directory LDAP denial of service attempt RuleID : 15527 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Active Directory invalid OID denial of service attempt RuleID : 15522 - Revision : 8 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-06-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Di... File : smb_nt_ms09-018.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:13 |
|
| 2014-01-19 21:30:19 |
|
