Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
Affected Software:
* Microsoft Windows 2000 Server Service Pack 4 - Active Directory - Remote Code Execution - Critical - MS08-035
Non-Affected Software:
* Microsoft Windows 2000 Professional Service Pack 4 - Not applicable
* Windows XP Service Pack 2 and Windows XP Service Pack 3 - ADAM
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - ADAM
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Active Directory and ADAM
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Active Directory and ADAM
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Not applicable
* Windows Vista and Windows Vista Service Pack 1 - Not applicable
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 - Not applicable
* Windows Server 2008 for 32-bit Systems - Active Directory and AD LDS
* Windows Server 2008 for x64-based Systems - Active Directory and AD LDS
* Windows Server 2008 for Itanium-based Systems - Active Directory
Active Directory Overflow Vulnerability - CVE-2008-4023
A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect memory allocation when receiving specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
CVE Information:
CVE-2008-4023
Mitigating Factors for Active Directory Overflow Vulnerability - CVE-2008-4023
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:
* For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
* This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to LDAP or LDAPS queries, and will not be exposed to this vulnerability.
To confirm whether a server is listening to LDAP or LDAPS queries, run the following command from an administrator command prompt and look to see if it is listening on the LDAP port (389) or the LDAPS port (636):
    netstat -a
LDAP is enabled if the results contain the following:
    Proto  Local Address    Foreign Address    State
    TCP    0.0.0.0:389      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:636      0.0.0.0:0          LISTENING
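The check above, as an added example that is not part of the Microsoft bulletin: a Python parser for saved netstat output that reports only TCP sockets in LISTENING state whose local port is 389 or 636, so a member server's outbound connection to a domain controller's LDAP port is not mistaken for a listener. The sample outputs, the host name dc01 and the 192.0.2.x addresses are constructed, and matching the service names ldap/ldaps (printed when netstat resolves port numbers) is an assumption about the local services file.

```python
# Ports from the bulletin, plus the service names netstat -a may print
# instead of numbers (assumed to come from the local services file).
LDAP_PORTS = {"389": "LDAP", "636": "LDAPS", "ldap": "LDAP", "ldaps": "LDAPS"}

# Constructed sample: a domain controller (numeric and name-resolved rows).
DC_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    dc01:ldaps             dc01:0                 LISTENING
  UDP    0.0.0.0:389            *:*
"""

# Constructed sample: a member server that only talks *to* a DC.
MEMBER_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.20:1045        192.0.2.10:389         ESTABLISHED
  TCP    0.0.0.0:3890           0.0.0.0:0              LISTENING
"""

def ldap_listeners(netstat_output):
    """Return sorted (service, local_address) pairs for TCP sockets that are
    LISTENING on the LDAP or LDAPS port of this host."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows: Proto, Local Address, Foreign Address, State[, PID]
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        local, state = fields[1], fields[3]
        if state.upper() != "LISTENING":
            continue  # e.g. ESTABLISHED client connection to a remote :389
        # rpartition keeps bracketed IPv6 addresses such as [::] intact
        addr, _, port = local.rpartition(":")
        service = LDAP_PORTS.get(port.lower())
        if service:
            found.add((service, addr))
    return sorted(found)

if __name__ == "__main__":
    for name, sample in (("DC", DC_SAMPLE), ("member", MEMBER_SAMPLE)):
        hits = ldap_listeners(sample)
        print(name, "exposed:" if hits else "not listening on LDAP/LDAPS", hits)
```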