4 matches found
Microsoft Windows活动目录LDAP请求验证远程拒绝服务漏洞(MS07-039)
BUGTRAQ ID: 24796 CVECAN ID: CVE-2007-3028 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft活动目录在处理畸形的请求数据时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。 Microsoft活动目录没有正确地验证LDAP请求中可转换属性的数量,攻击者可能通过向运行活动目录的服务器发送特制的LDAP请求来利用该漏洞,成功利用此漏洞的攻击者可能导致服务器暂时停止响应。 Microsoft Windows 2000 Server SP4 临时解决方法: 在防火墙处阻止TCP端口389和3268。...
MS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (uncredentialed check)
The remote version of Active Directory contains a flaw in the LDAP request handler code that may allow an attacker to execute code on the remote host. On Windows 2000, an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. Additionally, Active Directory is affecte...
CVE-2007-3028
CVE-2007-3028 describes a denial-of-service vulnerability in Windows 2000 Server SP4 where the LDAP service in Active Directory fails to properly validate the number of convertible attributes in client-sent LDAP requests. The linked materials indicate this is a separate issue from CVE-2007-0040, ...
MS07-039: Microsoft Windows Active Directory LDAP Service Remote Code Execution (926122)
The remote version of Active Directory contains a flaw in the LDAP request handler code that allows an attacker to execute code on the remote host. On Windows 2000 an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. On Windows 2003 valid credentials are needed ...