Further info on the LDAP problem: A Bug Returns

From: Dave Stubbs (dstubbs@EARTHLING.NET)
Date: 09/21/01


Message-ID:  <004a01c142b1$84e74c40$3a0aa8c0@nnait1701f>
Date:         Fri, 21 Sep 2001 11:24:24 -0400
From: Dave Stubbs <dstubbs@EARTHLING.NET>
Subject:      Further info on the LDAP problem:  A Bug Returns
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Further to my previous email on the "LDAP Broken" issue with the MS01-044 fix:

It seems that there is a conflict between native Active Directory LDAP and the LDAP portion of the H323 forwarder in NAT routing. (Try to say that 10 times fast.) Microsoft has an article about this:

http://support.microsoft.com/support/kb/articles/Q261/2/03.ASP?LN=EN-US&SD=gn&FR=0&qry=ldap%20nat&rnk=2&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000

which of course claims that this problem was fixed in Service Pack 1. Well, Microsoft, it looks like the problem is back now!

Using the netsh command suggested, I was able to regain AD LDAP functionality at the expense of LDAP forwarding in NAT (that means no more key updates or key searches on public key servers using PGPKeys!)

So my Active Directory is remote-manageable again, but I don't like the price I had to pay to get it going.

Dave...

Footnote: Has anyone considered the power of the netsh.exe command and related security issues? netsh.exe seems to give full command-line administrative power over RRAS. Hence it should be possible to connect to the root.exe or cmd.exe built into a CodeRed-compromised system and easily manipulate RRAS on the infected machine to route all internet-bound information through your own system. Man-in-the-middle attack ready-made! Ouch!



