Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-1138 to a friend New vulnerability? New tool? Tell us	CVE-2009-1138 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (MS09-018)     Credit: The information has been provided by Joshua J. Drake. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/ Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-1138 Details Check for CVE-2009-1138 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Windows Active Directory installed on Windows 2000 SP4 and prior According to section 2.4 of the IETF Request For Comments (rfc) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. Exploitation allows an attacker to consume all available virtual memory on the affected system. To exploit this vulnerability, an attacker must be able to establish a TCP session with the vulnerable machine. LDAP uses port 389 or, when encrypted, port 636. Additionally, LDAP requests are processed when connecting to the Global Catalog Server on ports 3268 or 3269. Although exhausting virtual memory does not compromise the integrity of the system, it can allow some otherwise non-exploitable vulnerabilities to be exploited. As long as virtual memory is exhausted, the computer will not be able to start new programs, or do other tasks that require allocating virtual memory. Patch Availability: Microsoft has released a patch which addresses this issue. For more information, consult their advisory at the following URL: http://www.microsoft.com/technet/security/Bulletin/MS09-018.mspx Workaround: Employing firewalls to limit access to the affected services will mitigate exposure to this vulnerability. CVE Information: CVE-2009-1138 Disclosure Timeline: 01/21/2009 - Initial Contact 01/22/2009 - Initial Response 01/27/2009 - Requested PoC 01/30/2009 - Sent PoC 02/09/2009 - MS Status update 06/02/2009 - MS Requests Credit request 06/04/2009 - CVE Received 06/04/2009 - iDefense Requested CVE 06/05/2009 - Microsoft informs iDefense that the Bulletin was promoted to potential Code Execution 06/08/2009 - iDefense requests clarification, offers further insight 06/10/2009 - iDefense reiterates request 06/10/2009 - MS Responds that they agree that code execution is very unlikely and will change the Exploitability Index 06/11/2009 - MS Changes Exploitability Index from 1 to 3 06/11/2009 - Coordinated public disclosure  Comments on CVE-2009-1138:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®