CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.06 Low (Percentile: 93.4%)
A flaw has been discovered in the way that Microsoft’s Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability.
The directory services provided by Microsoft’s Active Directory are based on the Lightweight Directory Access Protocol (LDAP). Active Directory objects can be stored and retrieved using standard LDAPv3 requests. Core Security Technologies has discovered a flaw in the way the Active Directory service handles long LDAP requests.
This flaw occurs when an LDAP search request with more than 700 logical qualifiers (e.g., “AND” or “OR”) is sent to the server. Exploitation of the flaw reportedly results in a stack overflow and subsequent crash of the Local Security Authority Sub-System (Lsass.exe) service. The death of the Lsass.exe process forces a shutdown of the Windows host system, resulting in a denial of service for the affected server.
Remote attackers may be able to crash the Active Directory server. This can result in a serious denial-of-service condition since the Active Directory service necessarily resides on Windows domain controllers. Unavailability of the domain controllers may affect normal operations within the domain.
Microsoft has included a patch for this issue in Windows 2000 Service Pack 4. For additional information, users are encouraged to review the following Microsoft Knowledge Base Articles:
319709 - An Access Violation Occurs in Lsass Because of a Stack Overflow
260910 - How to Obtain the Latest Windows 2000 Service Pack
Workarounds
Block or restrict access to the Active Directory service (port 389/tcp) from untrusted networks such as the Internet. As a general rule, the CERT/CC recommends that sites block all types of network traffic from sources that are not explicitly required for normal operation.
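As an added example (not part of the original advisory or any vendor tooling), this check counts the logical operators in LDAP search filters taken from query logs and flags any request over the 700-qualifier threshold described above. The tab-separated `client<TAB>filter` log layout, the function names, and the sample lines are constructed assumptions.

```python
import re

# Threshold from the advisory: requests with more than 700 logical
# qualifiers trigger the flaw.
QUALIFIER_LIMIT = 700

# In the RFC 4515 string form, literal parentheses inside values must be
# escaped as \28 and \29, so every raw "(" is structural and an operator is
# the character immediately after it. NOT ("!") is counted alongside AND/OR.
_OPERATOR = re.compile(r"\([&|!]")


def filter_stats(ldap_filter):
    """Return (logical_operator_count, max_nesting_depth) for one filter."""
    operators = len(_OPERATOR.findall(ldap_filter))
    depth = max_depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == ")":
            depth = max(depth - 1, 0)  # tolerate truncated or malformed input
    return operators, max_depth


def flag_requests(log_lines, limit=QUALIFIER_LIMIT):
    """Yield (client, operator_count, depth) for filters over the limit."""
    for line in log_lines:
        client, sep, ldap_filter = line.rstrip("\n").partition("\t")
        if not sep:
            continue  # not in the assumed "client<TAB>filter" layout
        operators, depth = filter_stats(ldap_filter)
        if operators > limit:
            yield client, operators, depth


# Constructed sample lines (not from the advisory). The second value holds
# "&" and "|" as plain data, which must not be counted as operators.
SAMPLE_LOG = [
    "10.0.0.5\t(&(objectClass=user)(|(cn=alice)(cn=bob)))",
    "10.0.0.9\t(cn=R\\28and\\29D & Ops|EU)",
    "malformed line without a tab",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(filter_stats(entry.partition("\t")[2]))
    print(list(flag_requests(SAMPLE_LOG, limit=1)))
```

The nesting depth is reported only as extra context for triage; the advisory's stated trigger is the operator count.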
594108
Notified: July 14, 2003 Updated: July 17, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23594108 Feedback>).
Thanks to Core Security Technologies for discovering, researching, and reporting this vulnerability.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2003-0507 |
---|---|
Severity Metric: | 13.10 |
Date Public: | |