[email protected]CVE-2009-1138

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1138

2009-06-1018:00:00

CWE-399

[email protected]

web.nvd.nist.gov

active directory

ldap service

memory leak

vulnerability

windows 2000

cve-2009-1138

nvd

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%

JSON

The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a “DN AttributeValue,” aka “Active Directory Invalid Free Vulnerability.” NOTE: this issue is probably a memory leak.

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=804

osvdb.org/54937

secunia.com/advisories/35355

support.avaya.com/elmodocs2/security/ASA-2009-214.htm

www.securityfocus.com/bid/35226

www.securitytracker.com/id?1022349

www.us-cert.gov/cas/techalerts/TA09-160A.html

www.vupen.com/english/advisories/2009/1537

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2009-1138

checkpoint_advisories1 seebug1 securityvulns3 prion1 cvelist1 nessus1 openvas2