Oval Definition:oval:org.mitre.oval:def:5890
Revision Date:2014-04-07Version:50
Title:LSASS Recursive Stack Overflow Vulnerability
Description:Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1928
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Check for Windows 2000 and Vulnerable file
  • Microsoft Windows 2000 SP4 or later is installed
  • AND NTDS Service is installed
  • AND Ntdsa.dll version is less than 5.0.2195.7313
  • AND the system is being used as AD - DomainRole is 4 or 5
  • OR Check for Vulnerable OS and file
  • Check for Windows 2003 (x86/x64)
  • Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • AND Active Directory or ADAM
  • Check for Vulnerable file
  • NTDS Service is installed
  • AND the system is being used as AD - DomainRole is 4 or 5
  • AND ntdsa.dll version is less than 5.2.3790.4568
  • OR Vulnerable ADAM
  • Check if ADAM service is installed
  • AND adamdsa.dll version is less than 1.1.3790.4569
  • OR Check for Windows 2003 (ia64) and Vulnerable file
  • Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND NTDS Service is installed
  • AND the system is being used as AD - DomainRole is 4 or 5
  • AND ntdsa.dll version is less than 5.2.3790.4568
  • OR Check for Vulnerable OS and file
  • Check for Windows XP (x86/x64)
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • AND Check if ADAM service is installed
  • AND adamdsa.dll version is less than 1.1.3790.4569
  • OR Check for Vulnerable OS and file
  • Check for Windows 2008 (x86/x64)
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for Domain Role and vulnerable file
  • the system is being used as AD - DomainRole is 4 or 5
  • AND Check for file GDR or LDR
  • ntdsai.dll version is less than 6.0.6001.18281
  • OR Check for LDR
  • ntdsai.dll version is less than 6.0.6001.22461
  • AND ntdsai.dll is greater than or equal 6.0.6001.22000
  • OR Check for Vulnerable OS and file
  • Check for Windows 2008 (x86/x64) SP2
  • Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • AND Check for Domain Role and vulnerable file
  • the system is being used as AD - DomainRole is 4 or 5
  • AND Check for file GDR or LDR
  • ntdsai.dll version is less than 6.0.6002.18058
  • OR Check for LDR
  • ntdsai.dll version is less than 6.0.6002.22162
  • AND ntdsai.dll is greater than or equal 6.0.6002.22000
    • BACK