LDAP: Microsoft Windows 2000 Active Directory LDAP Parsing Memory Corruption

This signature detects attempts to exploit a known vulnerability in Windows 2000 domain controllers. A successful attack can result in a server denial of service or arbitrary code execution.

Extended Description

The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.

Affected Products

Microsoft windows_2000

References

BugTraq: 35226

CVE: CVE-2009-1138

Short Name: LDAP:OVERFLOW:MS-DIR-LEAK-MC

Severity: Major

Recommended: False

Recommended Action: Drop

Category: LDAP

Keywords: 2000 Active CVE-2009-1138 Corruption Directory LDAP Memory Microsoft Parsing Windows bid:35226

Release Date: 12/21/2011

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761

False Positive: Unknown

Vendors

Microsoft

CVSS Score

10.0
