CVE-2009-1139 - Resource Management Errors vulnerability in Microsoft Adam, Windows 2000 and Windows Server 2003

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: network, low complexity, microsoft, CWE-399, nessus

Summary

Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

Vulnerable Configurations

Part         Description  Count
Application  Microsoft    1
OS           Microsoft    9

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS09-018
bulletin_url:
date: 2009-06-09T00:00:00
impact: Remote Code Execution
knowledgebase_id: 971055
knowledgebase_url:
severity: Critical
title: Vulnerabilities in Active Directory Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS09-018.NASL
description: The version of Microsoft Active Directory / Active Directory Application Mode installed on the remote host is affected by one or both of the following vulnerabilities:
  • A flaw involving the way memory is freed when handling specially crafted LDAP or LDAPS requests allows a remote attacker to execute arbitrary code on the remote host with administrator privileges. Note that this is only known to affect Active Directory on Microsoft Windows 2000 Server Service Pack 4. (CVE-2009-1138)
  • Improper memory management during execution of certain types of LDAP or LDAPS requests may cause the affected product to stop responding. (CVE-2009-1139)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 39340
published: 2009-06-10
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/39340
title: MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Oval

accepted: 2014-04-07T04:06:55.913-04:00
class: vulnerability
contributors:
  • name: Dragos Prisaca
    organization: Gideon Technologies, Inc.
  • name: J. Daniel Brown
    organization: DTCC
  • name: Sharath S
    organization: SecPod Technologies
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Pooja Shetty
    organization: SecPod Technologies
definition_extensions:
  • comment: Microsoft Windows 2000 SP4 or later is installed
    oval: oval:org.mitre.oval:def:229
  • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
    oval: oval:org.mitre.oval:def:1935
  • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
    oval: oval:org.mitre.oval:def:2161
  • comment: Microsoft Windows XP (x86) SP2 is installed
    oval: oval:org.mitre.oval:def:754
  • comment: Microsoft Windows XP (x86) SP3 is installed
    oval: oval:org.mitre.oval:def:5631
  • comment: Microsoft Windows XP x64 Edition SP2 is installed
    oval: oval:org.mitre.oval:def:4193
description: Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
family: windows
id: oval:org.mitre.oval:def:6253
status: accepted
submitted: 2009-06-09T14:00:00
title: Active Directory Memory Leak Vulnerability
version: 76

Seebug

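bulletinFamily: exploit
description: BUGTRAQ ID: 35225 CVE(CAN) ID: CVE-2009-1139
Microsoft Windows is a very popular operating system released by Microsoft. The LDAP service does not correctly manage memory when executing LDAP or LDAPS requests that contain specific OID filters. A remote attacker can trigger memory corruption by sending specially crafted LDAP or LDAPS packets to an Active Directory or ADAM server, causing the affected system to stop accepting requests. On Windows 2000 Server, any anonymous user who can reach the target network can exploit this vulnerability by sending specially crafted network packets to the affected system; on Server 2003 or on systems with ADAM installed, the attacker must have valid authentication credentials to exploit this vulnerability.
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows 2000 SP4
Workarounds:
* Block TCP ports 389, 636, 3268 and 3269 at the firewall.
* Disable anonymous LDAP access on Windows 2000 servers.
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS09-018) and the corresponding patch for this issue:
MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-018.mspx?pf=true
id: SSV:11587
last seen: 2017-11-19
modified: 2009-06-11
published: 2009-06-11
reporter: Root
title: Microsoft Active Directory Service Memory Leak Vulnerability (MS09-018)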