Vulnerability Name:

CVE-2009-1138 (CCN-50759)

Assigned:2009-06-09
Published:2009-06-09
Updated:2019-04-30
Summary:The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability."
Note: this issue is probably a memory leak.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1138

Source: IDEFENSE
Type: UNKNOWN
20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability

Source: OSVDB
Type: UNKNOWN
54937

Source: CCN
Type: SA35355
Microsoft Windows Active Directory Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35355

Source: CCN
Type: SECTRACK ID: 1022349
Microsoft Active Directory Bugs Let Remote Users Execute Arbitrary Code or Deny Service

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm

Source: CCN
Type: ASA-2009-214
MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Source: CCN
Type: NORTEL BULLETIN ID: 2009009557, Rev 1
Nortel Response to Microsoft Security Bulletin MS09-018

Source: CCN
Type: Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Source: CCN
Type: Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

Source: CCN
Type: Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

Source: CCN
Type: Microsoft Security Bulletin MS15-096
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-081
Security Update for Active Directory (3160352)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS09-018
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Source: CCN
Type: Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)

Source: CCN
Type: Microsoft Security Bulletin MS10-068
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Source: CCN
Type: Microsoft Security Bulletin MS11-005
Vulnerability in Active Directory Could Allow Denial of Service (2478953)

Source: CCN
Type: Microsoft Security Bulletin MS11-086
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Source: CCN
Type: OSVDB ID: 54937
Microsoft Windows Active Directory Crafted LDAP(S) Request Hexdecimal DN AttributeValue Handling Arbitrary Code Execution

Source: BID
Type: Patch
35226

Source: CCN
Type: BID-35226
Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022349

Source: CERT
Type: US Government Resource
TA09-160A

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1537

Source: MS
Type: UNKNOWN
MS09-018

Source: XF
Type: UNKNOWN
ms-windows-ldap-code-execution(50759)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 06.11.09
Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6180

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000::sp4:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6180
    V
    		Active Directory Invalid Free Vulnerability
    2009-07-21
    BACK
    microsoft windows 2000 * sp4
    microsoft windows 2000 sp4