Further info on the LDAP problem: A Bug Returns

From: Dave Stubbs (dstubbs@EARTHLING.NET)
Date: 09/21/01


Message-ID:  <004a01c142b1$84e74c40$3a0aa8c0@nnait1701f>
Date:         Fri, 21 Sep 2001 11:24:24 -0400
From: Dave Stubbs <dstubbs@EARTHLING.NET>
Subject:      Further info on the LDAP problem:  A Bug Returns
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Further to my previous email on the "LDAP Broken" issue with the MS01-044 fix:

It seems that there is a conflict between native ActiveDirectory LDAP and the LDAP portion of the H323 forwarder in NAT routing. (Try to say that 10 times fast) Microsoft has an article about this:

http://support.microsoft.com/support/kb/articles/Q261/2/03.ASP?LN=EN-US&SD=gn&FR=0&qry=ldap%20nat&rnk=2&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000

which of course claims that this problem was fixed in Service Pack 1. Well, Microsoft, it looks like the problem is back now!

Using the netsh command suggested, I was able to regain AD LDAP functionality at the expense of LDAP forwarding in NAT (that means no more key updates or key searches on public key servers using PGPKeys!)

So my Active Directory is remote-manageable again, but I don't like the price I had to pay to get it going.

Dave...

Footnote: Has anyone considered the power of the netsh.exe command and related security issues? netsh.exe seems to give full command-line administrative power over RRAS. Hence it should be possible to connect to the root.exe or cmd.exe built into a CodeRed-compromised system and easily manipulate RRAS on the infected machine to route all internet-bound information through your own system. Man-in-the-middle attack ready-made! Ouch!

======================================
Delivery co-sponsored by Trend Micro, Inc.
======================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?siS&BI;$5&UL;=http://www.ant
ivirus.com/smex2000_rebate