[SA37304] Microsoft Windows Active Directory Denial of Service

János Csárdi-Braunstein csardijanos at gmail.com
2009. Nov. 11., Sze, 09:15:13 CET


TITLE:
Microsoft Windows Active Directory Denial of Service

SECUNIA ADVISORY ID:
SA37304

VERIFY ADVISORY:
http://secunia.com/advisories/37304/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a stack overflow error in Active
Directory, Active Directory Application Mode (ADAM), and Active
Directory Lightweight Directory Service (AD LDS) when parsing LDAP or
LDAPS requests. This can be exploited via a specially crafted request
to cause the system to stop responding.

SOLUTION:
Apply patches.

Windows 2000 Server SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=297158cf-374c-45d9-b213-978e1f54d244

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=cbe09780-f288-457a-b254-58c9c8744055

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a

Windows Server 2003 SP2 / Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=28f1c494-4e16-43b6-93d2-49e15f142ac9

Windows Server 2003 SP2 / Active Directory Application Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=44cb9029-4b19-4bad-8fc9-3efe285adb0e
	
Windows Server 2003 x64 Edition SP2 / Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=509aeec0-112b-44ab-8686-43f381b61940

Windows Server 2003 x64 Edition SP2 / Active Directory Application
Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=87f2109e-5129-467c-930f-70af31ebf5de

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=040e691b-1ef0-4b73-bef7-a1d77b84b0ca

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=701abf15-7f93-41de-8d09-13404fd79a7e

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=17f5f9e0-5869-41da-9b3b-6e67540af1f0

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
MS09-066 (KB973309, KB973037, KB973039):
http://www.microsoft.com/technet/security/Bulletin/MS09-066.mspx
--------- következő rész ---------
Egy csatolt HTML állomány át lett konvertálva...
URL: http://lista.sulinet.hu/pipermail/techinfo/attachments/20091111/5416b615/attachment.html


További információk a(z) Techinfo levelezőlistáról