Vulnerability Name:

CVE-2008-1445 (CCN-42668)

Assigned:2008-06-10
Published:2008-06-10
Updated:2018-10-12
Summary:Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-1445

Source: CCN
Type: HP Security Bulletin HPSBST02344 SSRT080087 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036

Source: CCN
Type: SA30586
Microsoft Windows Active Directory LDAP Request Processing Denial of Service

Source: SECUNIA
Type: Permissions Required, Vendor Advisory
30586

Source: CCN
Type: SECTRACK ID: 1020229
Microsoft Active Directory LDAP Validation Bug Lets Remote Users Deny Service

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1020229

Source: CCN
Type: ASA-2008-236
MS08-035 Vulnerability in Active Directory Could Allow Denial of Service (953235)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008891, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft June security bulletin

Source: CCN
Type: Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Source: CCN
Type: Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

Source: CCN
Type: Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

Source: CCN
Type: Microsoft Security Bulletin MS15-096
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-081
Security Update for Active Directory (3160352)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)

Source: CCN
Type: Microsoft Security Bulletin MS09-018
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Source: CCN
Type: Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)

Source: CCN
Type: Microsoft Security Bulletin MS10-068
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Source: CCN
Type: Microsoft Security Bulletin MS11-005
Vulnerability in Active Directory Could Allow Denial of Service (2478953)

Source: CCN
Type: Microsoft Security Bulletin MS11-086
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Source: BUGTRAQ
Type: UNKNOWN
20080613 Securify bulletin: Microsoft Active Directory Denial-of-service

Source: BUGTRAQ
Type: UNKNOWN
20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service

Source: BID
Type: Patch
29584

Source: CCN
Type: BID-29584
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA08-162B

Source: VUPEN
Type: Broken Link
ADV-2008-1782

Source: MS
Type: UNKNOWN
MS08-035

Source: XF
Type: UNKNOWN
win-activedirectory-ldap-request-dos(42668)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4910

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*
  • OR cpe:/o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows-nt:xp:sp3:pro:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:4910
    V
    		Windows Active Directory Denial of Service Vulnerability
    2014-04-07
    BACK
    microsoft windows-nt 2008
    microsoft windows-nt 2008
    microsoft windows-nt xp sp3
    microsoft windows 2003 server *
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp2
    microsoft windows 2003_server
    microsoft windows 2000 * sp4
    microsoft windows xp * sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows server 2008 -
    microsoft windows server 2008 -