[NT] Vulnerability in Active Directory Allows Code Execution (MS08-060)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



Vulnerability in Active Directory Allows Code Execution (MS08-060)
------------------------------------------------------------------------


SUMMARY

This security update resolves a privately reported vulnerability in
implementations of Active Directory on Microsoft Windows 2000 Server. The
vulnerability could allow remote code execution if an attacker gains
access to an affected network. This vulnerability only affects Microsoft
Windows 2000 servers configured to be domain controllers. If a Microsoft
Windows 2000 server has not been promoted to a domain controller, it will
not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP
over SSL (LDAPS) queries, and will not be exposed to this vulnerability.

This security update is rated Critical for implementations of Active
Directory on Microsoft Windows 2000 Server. For more information, see the
subsection, Affected and Non-Affected Software, in this section.

DETAILS

Affected Software:
* Microsoft Windows 2000 Server Service Pack 4 -
<http://www.microsoft.com/downloads/details.aspx?familyid=8ed7bb9a-4b26-49d7-8c14-60226d2bc20d> Active Directory - Remote Code Execution - Critical - MS08-035

Non-Affected Software:
* Microsoft Windows 2000 Professional Service Pack 4 - Not applicable
* Windows XP Service Pack 2 and Windows XP Service Pack 3 - ADAM
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2 - ADAM
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 - Active Directory and ADAM
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 - Active Directory and ADAM
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems - Not applicable
* Windows Vista and Windows Vista Service Pack 1 - Not applicable
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Not applicable
* Windows Server 2008 for 32-bit Systems - Active Directory and AD LDS
* Windows Server 2008 for x64-based Systems - Active Directory and AD LDS
* Windows Server 2008 for Itanium-based Systems - Active Directory

Active Directory Overflow Vulnerability - CVE-2008-4023
A remote code execution vulnerability exists in implementations of Active
Directory on Microsoft Windows 2000 Server. The vulnerability is due to
incorrect memory allocation when receiving specially crafted LDAP or LDAPS
requests. An attacker who successfully exploited this vulnerability could
take complete control of an affected system.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4023>
CVE-2008-4023

Mitigating Factors for Active Directory Overflow Vulnerability -
CVE-2008-4023
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may
be helpful in your situation:

* For customers who require the affected component, firewall best
practices and standard default firewall configurations can help protect
networks from attacks that originate outside the enterprise perimeter.
Best practices recommend that systems that are connected to the Internet
have a minimal number of ports exposed.

* This vulnerability only affects Microsoft Windows 2000 servers
configured to be domain controllers. If a Microsoft Windows 2000 server
has not been promoted to a domain controller, it will not be listening to
LDAP or LDAPS queries, and will not be exposed to this vulnerability.

To confirm whether a server is listening to LDAP or LDAPS queries, run the
following command from an administrator command prompt and look to see if
it is listening on the LDAP port (389) or the LDAPS port (636):

    netstat -a

LDAP is enabled if the results contain the following:

    Proto  Local Address  Foreign Address  State
    TCP    0.0.0.0:389    0.0.0.0:0        LISTENING
    TCP    0.0.0.0:636    0.0.0.0:0        LISTENING
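
The listener check above, as an added example that is not part of the original advisory: a Python function that reads saved netstat -a output and reports TCP listeners on the LDAP and LDAPS ports. The sample outputs and the host names DC01 and FILESRV are constructed; it also accepts the service names ldap and ldaps, which netstat -a can print in place of the port numbers.

```python
# Added example: audit saved `netstat -a` output for LDAP/LDAPS listeners.
# Sample outputs and the host names DC01 / FILESRV are constructed.

# Ports from the advisory, plus the service names netstat -a prints when
# it resolves port numbers through the services file.
LDAP_PORTS = {"389": "LDAP", "636": "LDAPS", "ldap": "LDAP", "ldaps": "LDAPS"}

def ldap_listeners(netstat_text):
    """Return sorted (service, local_host) pairs for TCP listeners on 389/636."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows are: Proto, Local Address, Foreign Address, State.
        # UDP rows have no State column and are skipped here.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # e.g. an outbound ESTABLISHED session to a DC's port 389
        # Split on the last colon and compare the whole port token, so that
        # 3389 (Terminal Services) is never mistaken for 389.
        host, _, port = fields[1].rpartition(":")
        service = LDAP_PORTS.get(port.lower())
        if service:
            found.add((service, host))
    return sorted(found)

SAMPLE_DC = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
"""
SAMPLE_DC_NAMED = """\
  TCP    DC01:ldap              DC01:0                 LISTENING
  TCP    DC01:ldaps             DC01:0                 LISTENING
"""
SAMPLE_MEMBER = """\
  TCP    FILESRV:3389           FILESRV:0              LISTENING
  TCP    FILESRV:1042           DC01:ldap              ESTABLISHED
"""

if __name__ == "__main__":
    for name, text in [("dc", SAMPLE_DC), ("dc-named", SAMPLE_DC_NAMED),
                       ("member", SAMPLE_MEMBER)]:
        print(name, ldap_listeners(text) or "no LDAP/LDAPS listener")
```

A plain substring search for ":389" over the same output would also flag the 3389 listener and the member server's outbound session, which is why the function compares the full local port and requires the LISTENING state.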


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx>


