6 matches found
Microsoft活动目录服务LDAP报文内存破坏漏洞(MS09-018)
BUGTRAQ ID: 35226 CVECAN ID: CVE-2009-1138 Microsoft Windows是微软发布的非常流行的操作系统。 由于在处理特制LDAP或LDAPS请求时没有正确地释放内存,Windows 2000 Server上的Active Directory实现中存在一个远程执行代码漏洞。攻击者可能通过向运行Windows 2000 的域控制器发送特制的LDA 或LDAPS报文来利用该漏洞。任何可以访问目标网络的匿名用户均可以向受影响的系统传递特制报文以利用此漏洞。 Microsoft Windows 2000 Server SP4 临时解决方法:...
Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
This host is missing a critical security update according to Microsoft Bulletin MS09-018. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2009-1138
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN...
CVE-2009-1138
CVE-2009-1138 concerns Microsoft Active Directory on Windows 2000 Server SP4, where the LDAP/LDAPS service fails to free memory for certain hex-encoded requests. The underlying issue, described as an invalid free/memory leak, can allow a remote attacker to cause arbitrary code execution on the ta...
MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
The version of Microsoft Active Directory / Active Directory Application Mode installed on the remote host is affected by one or both of the following vulnerabilities : - A flaw involving the way memory is freed when handling specially crafted LDAP or LDAPS requests allows a remote attacker to...
Microsoft Active Directory LDAP Invalid Free Allocation (MS09-018; CVE-2009-1138)
Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Application Mode ADAM is a Lightweight Directory Access Protocol LDAP directory service that runs as a user service. A remote code execution vulnerability has been reported in...