Vulnerability Name: | CVE-2003-0533 (CCN-15699)
Assigned: | 2003-07-08
Published: | 2004-04-13
Updated: | 2018-10-12
Summary: | Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2003-0533
Source: FULLDISC Type: UNKNOWN 20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow
Source: BUGTRAQ Type: UNKNOWN 20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)
Source: CCN Type: CIAC Information Bulletin O-114 Microsoft Security Update for Microsoft Windows [REVISED 25 Jun 2004]
Source: CIAC Type: UNKNOWN O-114
Source: EEYE Type: UNKNOWN AD20040413C
Source: CCN Type: US-CERT VU#753212 Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#753212
Source: CCN Type: Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732)
Source: BID Type: UNKNOWN 10108
Source: CCN Type: BID-10108 Microsoft Windows LSASS Buffer Overrun Vulnerability
Source: CERT Type: Third Party Advisory, US Government Resource TA04-104A
Source: CCN Type: Internet Security Systems Security Alert, April 13, 2004 Multiple Vulnerabilities in Microsoft Products
Source: MS Type: UNKNOWN MS04-011
Source: XF Type: UNKNOWN win-lsass-bo(15699)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:883
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:898
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:919
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: