Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages

Overview

A vulnerability exists in the Lightweight Directory Access Protocol (LDAP) message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain.

Description

A vulnerability exists in the processing of Lightweight Directory Access Protocol (LDAP) messages by the Windows 2000 domain controller. An attacker may be able send a crafted LDAP message to the vulnerable system and stop the authentication service for the Active Directory domain to stop.

---

Impact

A remote attacker may be able to stop the authentication service, causing a denial-of-service condition for the Active Directory domain.

---

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

---

Vendor Information

639428

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 13, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft Security Bulletin MS04-011 contains information regarding this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23639428 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;

Acknowledgements

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2003-0663
Severity Metric:	4.94 Date Public: