Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Active Directory multiple security vulnerabilities
updated since 09.06.2009
Published:14.06.2009
Source:
SecurityVulns ID:9975
Type:remote
Threat Level:
7/10
Description:Double free() vulnerability, memory leaks.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability.")
 CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (14.06.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) (09.06.2009)
Files:Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod