Windows LSASS buffer overflow

2006-04-04T00:00:00
ID SAINT:046E7435E6A7E9C822D01D7F1541DC19
Type saint
Reporter SAINT Corporation
Modified 2006-04-04T00:00:00

Description

Added: 04/04/2006
CVE: CVE-2003-0533
BID: 10108
OSVDB: 5248

Background

The Local Security Authority Subsystem Service (LSASS) provides an interface for managing local security, domain authentication, and Active Directory processes.

Problem

A buffer overflow in the **DsRolepInitializeLog** function in the Windows LSASS service allows remote command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-011.

References

<http://www.kb.cert.org/vuls/id/753212>

Limitations

This exploit may cause the target system to crash.

Platforms

Windows 2000
Windows XP