Lucene search

K
saintSAINT CorporationSAINT:C4D3EEBFA43B91B5A4802CEE44392E41
HistoryApr 04, 2006 - 12:00 a.m.

Windows LSASS buffer overflow

2006-04-0400:00:00
SAINT Corporation
my.saintcorporation.com
35

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.972

Percentile

99.9%

Added: 04/04/2006
CVE: CVE-2003-0533
BID: 10108
OSVDB: 5248

Background

The Local Security Authority Subsystem Service (LSASS) provides an interface for managing local security, domain authentication, and Active Directory processes.

Problem

A buffer overflow in the **DsRolepInitializeLog** function in the Windows LSASS service allows remote command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-011.

References

http://www.kb.cert.org/vuls/id/753212

Limitations

This exploit may cause the target system to crash.

Platforms

Windows 2000
Windows XP

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.972

Percentile

99.9%