Vulnerability CVE-2009-1139


Published: 2009-06-10   Modified: 2012-02-13

Description:
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

Type:

CWE-399

(Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Microsoft -> ADAM 
Microsoft -> Windows 2000 
Microsoft -> Windows server 2003 

 References:
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
http://www.securityfocus.com/bid/35225
http://www.securitytracker.com/id?1022349
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1537
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253

Copyright 2020, cxsecurity.com

 

Back to Top