Title: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)
Date: 24 July 2002
Software: Microsoft Metadirectory Services 2.2
Impact: Elevation of privilege
Max Risk: Medium
Bulletin: MS02-036
Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-036.asp.
Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed.
A flaw exists that could enable an unprivileged user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators. Specifically, it is possible for an unprivileged user to connect to the MMS data repository via an LDAP client in such a way as to bypass certain security checks. This could enable an attacker to modify data within the MMS data repository, either for the purpose of changing the MMS configuration or replicating bogus data to the other data repositories.
If normal security practices have been followed, the vulnerability could not be exploited from the Internet.
The vulnerability could only be exploited by an attacker who had significant technical expertise at a protocol level. The vulnerability does not provide access to MMS itself, but rather to the MMS data repository. Determining what data to change - and how to change it - in order to cause a desired effect could be quite difficult.
A successful attack would require a detailed understanding of the specific way MMS had been configured, as well as information about all of the other directories and databases it was being used to manage. It is likely that the vulnerability could only be exploited by an attacker who had insider knowledge about the enterprise.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.