SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Directory)  >   Microsoft Active Directory Vendors:   Microsoft
Microsoft Active Directory Stack Memory Consumption Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023156
SecurityTracker URL:  http://securitytracker.com/id/1023156
CVE Reference:   CVE-2009-1928   (Links to External Site)
Date:  Nov 10 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Active Directory. A remote user can cause denial of service conditions.

A remote user can send specially crafted LDAP or LDAPS requests to consume all available stack memory on the target system and cause the target system to stop responding.

Active Directory Application Mode (ADAM) is affected when installed on Windows XP and Windows Server 2003. Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 is also affected.
Impact:   A remote user can cause the target system to stop responding.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Server Service Pack 4, Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=297158cf-374c-45d9-b213-978e1f54d244

Windows XP Service Pack 2 and Windows XP Service Pack 3, Active Directory Application Mode (ADAM):

http://www.microsoft.com/downloads/details.aspx?familyid=cbe09780-f288-457a-b254-58c9c8744055

Windows XP Professional x64 Edition Service Pack 2, Active Directory Application Mode (ADAM):

http://www.microsoft.com/downloads/details.aspx?familyid=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a

Windows Server 2003 Service Pack 2, Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=28f1c494-4e16-43b6-93d2-49e15f142ac9

Windows Server 2003 x64 Edition Service Pack 2, Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=509aeec0-112b-44ab-8686-43f381b61940

Windows Server 2003 with SP2 for Itanium-based Systems, Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=040e691b-1ef0-4b73-bef7-a1d77b84b0ca

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*, Active Directory and Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=701abf15-7f93-41de-8d09-13404fd79a7e

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*, Active Directory and Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=17f5f9e0-5869-41da-9b3b-6e67540af1f0

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-066.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:   Windows (2000), Windows (2003), Windows (2008), Windows (XP)

Message History:   None.

 Source Message Contents
Date:  Tue, 10 Nov 2009 20:19:47 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx


Microsoft Security Bulletin MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309)

CVE-2009-1928


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC