Vulnerabilities > CVE-2009-1928 - Resource Management Errors vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

CWE-399

nessus

NVD

Published: 2009-11-11

Updated: 2023-12-07

Summary

Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows Server 2008 * Microsoft Windows Server 2008 - Microsoft Windows 2003 Server * Microsoft Windows XP * Microsoft Windows XP - Microsoft Windows Vista * Microsoft Windows 2000 *	17

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Msbulletin

bulletin_id	MS09-066
bulletin_url
date	2009-11-10T00:00:00
impact	Denial of Service
knowledgebase_id	973309
knowledgebase_url
severity	Important
title	Vulnerability in Active Directory Could Allow Denial of Service

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS09-066.NASL
description	The installed version of Microsoft Active Directory / Active Directory Application Mode / Active Directory Lightweight Directory Service has a buffer overflow vulnerability. By sending specially crafted LDAP or LDAPS requests, a remote attacker can exhaust stack space and cause the affected host to stop responding until it is restarted.
last seen	2020-06-01
modified	2020-06-02
plugin id	42440
published	2009-11-10
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42440
title	MS09-066: Vulnerability in Active Directory Could Allow Denial of Service (973309)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(42440); script_version("1.22"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2009-1928"); script_bugtraq_id(36918); script_xref(name:"MSFT", value:"MS09-066"); script_xref(name:"MSKB", value:"973037"); script_xref(name:"MSKB", value:"973039"); script_name(english:"MS09-066: Vulnerability in Active Directory Could Allow Denial of Service (973309)"); script_summary(english:"Checks the file versions of Ntdsa.dll / Ntdsai.dll / Adamdsa.dll."); script_set_attribute(attribute:"synopsis", value: "The installed version of Active Directory is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The installed version of Microsoft Active Directory / Active Directory Application Mode / Active Directory Lightweight Directory Service has a buffer overflow vulnerability. By sending specially crafted LDAP or LDAPS requests, a remote attacker can exhaust stack space and cause the affected host to stop responding until it is restarted."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-066"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-066'; kbs = make_list('973037', '973039'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); registry_init(); hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); # Determine if Active Directory is enabled. ADAM_Enabled = FALSE; LDS_Enabled = FALSE; NTDS_Enabled = FALSE; # NTDS check ntds_value = get_registry_value( handle:hklm, item:"SYSTEM\CurrentControlSet\Services\NTDS\Parameters\DSA Database file"); if (!isnull(ntds_value)) NTDS_Enabled = TRUE; # LDS check lds_value = get_registry_value( handle:hklm, item:"SYSTEM\CurrentControlSet\Services\DirectoryServices\Performance\InstallType"); if (!isnull(lds_value)) LDS_Enabled = TRUE; # ADAM check adam_value = get_registry_value( handle:hklm, item:"SYSTEM\CurrentControlSet\Services\ADAM\Performance\Library"); if (!isnull(adam_value)) ADAM_Enabled = TRUE; RegCloseKey(handle:hklm); close_registry(close:FALSE); if (!NTDS_Enabled && !LDS_Enabled && !ADAM_Enabled) { hotfix_check_fversion_end(); exit(0, "The host is not affected since none of the affected Active Directory products are installed."); } # Check the file version. if ( # Windows 2008 ( (NTDS_Enabled \|\| LDS_Enabled) && ( hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntdsai.dll", version:"6.0.6002.22162", min_version:"6.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:'973037') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntdsai.dll", version:"6.0.6002.18058", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:'973037') \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Ntdsai.dll", version:"6.0.6001.22461", min_version:"6.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:'973037') \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Ntdsai.dll", version:"6.0.6001.18281", min_version:"6.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:'973037') ) ) \|\| # Windows 2003 (NTDS_Enabled && hotfix_is_vulnerable(os:"5.2", sp:2, file:"ntdsa.dll", version:"5.2.3790.4568", dir:"\system32", bulletin:bulletin, kb:'973037')) \|\| (ADAM_Enabled && hotfix_is_vulnerable(os:"5.2", sp:2, file:"adamdsa.dll", version:"1.1.3790.4569", dir:"\ADAM", bulletin:bulletin, kb:'973039')) \|\| # Windows XP (ADAM_Enabled && hotfix_is_vulnerable(os:"5.1", file:"adamdsa.dll", version:"1.1.3790.4569", dir:"\ADAM", bulletin:bulletin, kb:'973039')) \|\| # Windows 2000 (NTDS_Enabled && hotfix_is_vulnerable(os:"5.0", file:"ntdsa.dll", version:"5.0.2195.7313", dir:"\system32", bulletin:bulletin, kb:'973037')) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2014-04-07T04:06:55.345-04:00

class

vulnerability

contributors

name Dragos Prisaca
organization Gideon Technologies, Inc.
name Sharath S
organization SecPod Technologies
name Rachana Shetty
organization SecPod Technologies
name Maria Kedovskaya
organization ALTX-SOFT
name Pooja Shetty
organization SecPod Technologies

definition_extensions

comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 (ia64) SP2 is installed
oval oval:org.mitre.oval:def:1442
comment Microsoft Windows XP (x86) SP2 is installed
oval oval:org.mitre.oval:def:754
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:5653
comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6216

description

family

windows

oval:org.mitre.oval:def:5890

status

accepted

submitted

2009-11-10T13:00:00

title

LSASS Recursive Stack Overflow Vulnerability

version

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 36918 CVE ID: CVE-2009-1928 Microsoft Windows是微软发布的非常流行的操作系统。 Windows 2000 Server、Windows Server 2003和Windows Server 2008上的活动目录实现中存在拒绝服务漏洞；安装在Windows XP和Windows Server 2003上的活动目录应用模式（ADAM）实现及Windows Server 2008上的活动目录轻型目录服务（AD LDS）实现中也存在这个漏洞。如果远程攻击者向受影响的活动目录服务提交了某些类型的LDAP或LDAPS请求，就可能耗尽栈上资源，导致受影响的系统停止响应。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows 2000SP4 临时解决方法： * 在防火墙阻断TCP389、636、3268和3269端口。厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS09-066）以及相应补丁: MS09-066：Vulnerability in Active Directory Could Allow Denial of Service (973309) 链接：http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx?pf=true
id	SSV:12608
last seen	2017-11-19
modified	2009-11-11
published	2009-11-11
reporter	Root
title	Microsoft LDAP请求连接远程拒绝服务漏洞（MS09-066）

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Msbulletin

Nessus

Oval

Seebug

References