Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:1765
HistoryJun 27, 2001 - 12:00 a.m.

Security Bulletin MS01-036

2001-06-2700:00:00
vulners.com
26
JSON

Title: Function Exposed via LDAP over SSL Could Enable
Passwords to be Changed
Date: 25 June 2001
Software: Windows 2000
Impact: Privilege Elevation
Bulletin: MS01-036

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-036.asp.

Issue:

This vulnerability involves an LDAP function that is only available
if
the LDAP server has been configured to support LDAP over SSL
sessions,
and whose purpose is to allow users to change the data attributes of
directory principals. By design, the function should check the
authorizations of the user before completing the request; however, it
contains an error that manifests itself only when the directory
principal is a domain user and the data attribute is the domain
password – when this is the case, the function fails to check the
permissions of the requester, with the result that it could be
possible
for a user to change any other user's domain login password.

An attacker could change another user's password for either of two
purposes: to cause a denial of service by preventing the other user
from logging on, or in order to log into the user's account and gain
any privileges the user had. Clearly, the most serious case would be
one in which the attacker changed a domain administrator's password
and
logged into the administrator's account.

By design, the function affected can be called by any user who can
connect to the LDAP server, including users who connect via anonymous
sessions. As a result, any user who could establish a connection with
an affected server could exploit the vulnerability.

Mitigating Factors:

  • LDAP over SSL sessions cannot be conducted unless the
    administrator has installed a digital certificate on the LDAP
    server. As a result, default installations of Windows 2000
    are not affected by this vulnerability.
  • If the firewall is configured to block tcp port 636, the
    vulnerability could not be exploited by outside users.
  • This vulnerability could not be used to change the password
    of local user accounts on individual machines.

Patch Availability:

Acknowledgment:

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT
APPLY.

JSON