[SA37304] Microsoft Windows Active Directory Denial of Service
János Csárdi-Braunstein
csardijanos at gmail.com
2009. Nov. 11., Sze, 09:15:13 CET
TITLE:
Microsoft Windows Active Directory Denial of Service
SECUNIA ADVISORY ID:
SA37304
VERIFY ADVISORY:
http://secunia.com/advisories/37304/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a stack overflow error in Active
Directory, Active Directory Application Mode (ADAM), and Active
Directory Lightweight Directory Service (AD LDS) when parsing LDAP or
LDAPS requests. This can be exploited via a specially crafted request
to cause the system to stop responding.
SOLUTION:
Apply patches.
Windows 2000 Server SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=297158cf-374c-45d9-b213-978e1f54d244
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=cbe09780-f288-457a-b254-58c9c8744055
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a
Windows Server 2003 SP2 / Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=28f1c494-4e16-43b6-93d2-49e15f142ac9
Windows Server 2003 SP2 / Active Directory Application Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=44cb9029-4b19-4bad-8fc9-3efe285adb0e
Windows Server 2003 x64 Edition SP2 / Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=509aeec0-112b-44ab-8686-43f381b61940
Windows Server 2003 x64 Edition SP2 / Active Directory Application
Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=87f2109e-5129-467c-930f-70af31ebf5de
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=040e691b-1ef0-4b73-bef7-a1d77b84b0ca
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=701abf15-7f93-41de-8d09-13404fd79a7e
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=17f5f9e0-5869-41da-9b3b-6e67540af1f0
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS09-066 (KB973309, KB973037, KB973039):
http://www.microsoft.com/technet/security/Bulletin/MS09-066.mspx
--------- következő rész ---------
Egy csatolt HTML állomány át lett konvertálva...
URL: http://lista.sulinet.hu/pipermail/techinfo/attachments/20091111/5416b615/attachment.html
További információk a(z) Techinfo levelezőlistáról