Vulnerabilities > CVE-2007-3028 - Remote Denial Of Service vulnerability in Microsoft Windows Active Directory LDAP Request Validation

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
nessus

Summary

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Nessus

  • NASL familyWindows
    NASL idSMB_KB926122.NASL
    descriptionThe remote version of Active Directory contains a flaw in the LDAP request handler code that may allow an attacker to execute code on the remote host. On Windows 2000, an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. Additionally, Active Directory is affected by a remote denial of service vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id25699
    published2007-07-11
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25699
    titleMS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (uncredentialed check)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS07-039.NASL
    descriptionThe remote version of Active Directory contains a flaw in the LDAP request handler code that allows an attacker to execute code on the remote host. On Windows 2000 an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. On Windows 2003 valid credentials are needed to exploit it. Additionally, the Active Directory is affected by a remote denial of service vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id25690
    published2007-07-10
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25690
    titleMS07-039: Microsoft Windows Active Directory LDAP Service Remote Code Execution (926122)

Oval

accepted2007-08-20T08:04:39.090-04:00
classvulnerability
contributors
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
definition_extensions
commentMicrosoft Windows 2000 SP4 or later is installed
ovaloval:org.mitre.oval:def:229
descriptionThe LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
familywindows
idoval:org.mitre.oval:def:1856
statusaccepted
submitted2007-07-10T18:34:24
titleWindows Active Directory Denial of Service Vulnerability
version70

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 24796 CVE(CAN) ID: CVE-2007-3028 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft活动目录在处理畸形的请求数据时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。 Microsoft活动目录没有正确地验证LDAP请求中可转换属性的数量,攻击者可能通过向运行活动目录的服务器发送特制的LDAP请求来利用该漏洞,成功利用此漏洞的攻击者可能导致服务器暂时停止响应。 Microsoft Windows 2000 Server SP4 临时解决方法: * 在防火墙处阻止TCP端口389和3268。 * 在受影响的系统上使用IPSec来阻止受影响的端口。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS07-039)以及相应补丁: MS07-039:Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) 链接:<a href="http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx?pf=true" target="_blank">http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx?pf=true</a> 补丁下载: <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41" target="_blank">http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41</a>
idSSV:1987
last seen2017-11-19
modified2007-07-12
published2007-07-12
reporterRoot
titleMicrosoft Windows活动目录LDAP请求验证远程拒绝服务漏洞(MS07-039)