Vulnerabilities > CVE-2007-3028 - Remote Denial Of Service vulnerability in Microsoft Windows Active Directory LDAP Request Validation
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Nessus
NASL family Windows NASL id SMB_KB926122.NASL description The remote version of Active Directory contains a flaw in the LDAP request handler code that may allow an attacker to execute code on the remote host. On Windows 2000, an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. Additionally, Active Directory is affected by a remote denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 25699 published 2007-07-11 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25699 title MS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (uncredentialed check) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS07-039.NASL description The remote version of Active Directory contains a flaw in the LDAP request handler code that allows an attacker to execute code on the remote host. On Windows 2000 an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. On Windows 2003 valid credentials are needed to exploit it. Additionally, the Active Directory is affected by a remote denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 25690 published 2007-07-10 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25690 title MS07-039: Microsoft Windows Active Directory LDAP Service Remote Code Execution (926122)
Oval
| accepted | 2007-08-20T08:04:39.090-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:1856 | ||||||||
| status | accepted | ||||||||
| submitted | 2007-07-10T18:34:24 | ||||||||
| title | Windows Active Directory Denial of Service Vulnerability | ||||||||
| version | 70 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 24796 CVE(CAN) ID: CVE-2007-3028 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft活动目录在处理畸形的请求数据时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。 Microsoft活动目录没有正确地验证LDAP请求中可转换属性的数量,攻击者可能通过向运行活动目录的服务器发送特制的LDAP请求来利用该漏洞,成功利用此漏洞的攻击者可能导致服务器暂时停止响应。 Microsoft Windows 2000 Server SP4 临时解决方法: * 在防火墙处阻止TCP端口389和3268。 * 在受影响的系统上使用IPSec来阻止受影响的端口。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS07-039)以及相应补丁: MS07-039:Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) 链接:<a href="http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx?pf=true" target="_blank">http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx?pf=true</a> 补丁下载: <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41" target="_blank">http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41</a> |
| id | SSV:1987 |
| last seen | 2017-11-19 |
| modified | 2007-07-12 |
| published | 2007-07-12 |
| reporter | Root |
| title | Microsoft Windows活动目录LDAP请求验证远程拒绝服务漏洞(MS07-039) |
References
- http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
- http://secunia.com/advisories/26002
- http://www.kb.cert.org/vuls/id/348953
- http://www.securityfocus.com/bid/24796
- http://www.securitytracker.com/id?1018355
- http://www.us-cert.gov/cas/techalerts/TA07-191A.html
- http://www.vupen.com/english/advisories/2007/2481
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856