CVE-2009-1138 - Resource Management Errors vulnerability in Microsoft Windows 2000

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
network
low complexity
microsoft
CWE-399
critical
nessus

Summary

The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.

Vulnerable Configurations

Part | Description | Count
OS | Microsoft | 1

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS09-018
bulletin_url:
date: 2009-06-09T00:00:00
impact: Remote Code Execution
knowledgebase_id: 971055
knowledgebase_url:
severity: Critical
title: Vulnerabilities in Active Directory Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS09-018.NASL
description: The version of Microsoft Active Directory / Active Directory Application Mode installed on the remote host is affected by one or both of the following vulnerabilities:
  - A flaw involving the way memory is freed when handling specially crafted LDAP or LDAPS requests allows a remote attacker to execute arbitrary code on the remote host with administrator privileges. Note that this is only known to affect Active Directory on Microsoft Windows 2000 Server Service Pack 4. (CVE-2009-1138)
  - Improper memory management during execution of certain types of LDAP or LDAPS requests may cause the affected product to stop responding. (CVE-2009-1139)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 39340
published: 2009-06-10
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/39340
title: MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Oval

accepted: 2009-07-21T07:46:01.806-04:00
class: vulnerability
contributors:
  name: Dragos Prisaca
  organization: Gideon Technologies, Inc.
definition_extensions:
  comment: Microsoft Windows 2000 SP4 or later is installed
  oval: oval:org.mitre.oval:def:229
description: The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
family: windows
id: oval:org.mitre.oval:def:6180
status: accepted
submitted: 2009-06-09T14:00:00
title: Active Directory Invalid Free Vulnerability
version: 69

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 35226
CVE(CAN) ID: CVE-2009-1138
Microsoft Windows is a very popular operating system released by Microsoft.
Because memory is not correctly freed when handling specially crafted LDAP or LDAPS requests, the Active Directory implementation on Windows 2000 Server contains a remote code execution vulnerability. An attacker could exploit this vulnerability by sending specially crafted LDAP or LDAPS packets to a domain controller running Windows 2000. Any anonymous user who can reach the target network can deliver specially crafted packets to an affected system to exploit this vulnerability.
Microsoft Windows 2000 Server SP4
Workarounds:
* Block TCP ports 389, 636, 3268 and 3269 at the firewall.
* Disable anonymous LDAP access on Windows 2000 servers.
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS09-018) and a corresponding patch for this issue:
MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-018.mspx?pf=true
Patch download: http://www.microsoft.com/downloads/details.aspx?familyid=bba6e20a-0345-46ae-a6f1-fd27fdee7c21
id: SSV:11582
last seen: 2017-11-19
modified: 2009-06-11
published: 2009-06-11
reporter: Root
title: Microsoft Active Directory Service LDAP Packet Memory Corruption Vulnerability (MS09-018)