Vulnerability Name:

CVE-2008-0088 (CCN-40102)

Assigned:2008-02-12
Published:2008-02-12
Updated:2019-04-30
Summary:Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-0088

Source: HP
Type: UNKNOWN
HPSBST02314

Source: CCN
Type: SA28764
Microsoft Active Directory Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
28764

Source: CCN
Type: SECTRACK ID: 1019382
Active Directory LDAP Processing Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2008-062
MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)

Source: CCN
Type: Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Source: CCN
Type: Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

Source: CCN
Type: Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

Source: CCN
Type: Microsoft Security Bulletin MS15-096
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-081
Security Update for Active Directory (3160352)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS08-003
Vulnerability in Active Directory Could Allow Denial of Service (946538)

Source: CCN
Type: Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)

Source: CCN
Type: Microsoft Security Bulletin MS09-018
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Source: CCN
Type: Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)

Source: CCN
Type: Microsoft Security Bulletin MS10-068
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Source: CCN
Type: Microsoft Security Bulletin MS11-005
Vulnerability in Active Directory Could Allow Denial of Service (2478953)

Source: CCN
Type: Microsoft Security Bulletin MS11-086
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Source: BID
Type: UNKNOWN
27638

Source: CCN
Type: BID-27638
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019382

Source: CERT
Type: US Government Resource
TA08-043C

Source: VUPEN
Type: UNKNOWN
ADV-2008-0505

Source: MS
Type: UNKNOWN
MS08-003

Source: XF
Type: UNKNOWN
win-activedirectory-ldap-dos(40102)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5181

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x86:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5181
    V
    		Windows Active Directory Denial of Service Vulnerability
    2014-04-07
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp4
    microsoft windows 2003 server sp1
    microsoft windows 2003 server sp2
    microsoft windows xp *
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp - sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2