Vulnerability Name: CVE-2009-1139 (CCN-50761)
Assigned: 2009-06-09
Published: 2009-06-09
Updated: 2019-04-30
Summary: Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
CVSS v3 Severity:
  - 5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
CVSS v2 Severity:
  - 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
  - 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
  - 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
  - Source: MITRE Type: CNA CVE-2009-1139
  - Source: OSVDB Type: UNKNOWN 54938
  - Source: CCN Type: SA35355 Microsoft Windows Active Directory Two Vulnerabilities
  - Source: SECUNIA Type: UNKNOWN 35355
  - Source: CCN Type: SECTRACK ID: 1022349 Microsoft Active Directory Bugs Let Remote Users Execute Arbitrary Code or Deny Service
  - Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
  - Source: CCN Type: ASA-2009-214 MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
  - Source: CCN Type: NORTEL BULLETIN ID: 2009009557, Rev 1 Nortel Response to Microsoft Security Bulletin MS09-018
  - Source: CCN Type: Microsoft Security Bulletin MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
  - Source: CCN Type: Microsoft Security Bulletin MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
  - Source: CCN Type: Microsoft Security Bulletin MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
  - Source: CCN Type: Microsoft Security Bulletin MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
  - Source: CCN Type: Microsoft Security Bulletin MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527)
  - Source: CCN Type: Microsoft Security Bulletin MS16-081 Security Update for Active Directory (3160352)
  - Source: CCN Type: Microsoft Security Bulletin MS16-110 Security Update for Windows (3178467)
  - Source: CCN Type: Microsoft Security Bulletin MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
  - Source: CCN Type: Microsoft Security Bulletin MS09-066 Vulnerability in Active Directory Could Allow Denial of Service (973309)
  - Source: CCN Type: Microsoft Security Bulletin MS10-068 Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
  - Source: CCN Type: Microsoft Security Bulletin MS11-005 Vulnerability in Active Directory Could Allow Denial of Service (2478953)
  - Source: CCN Type: Microsoft Security Bulletin MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
  - Source: CCN Type: OSVDB ID: 54938 Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS
  - Source: BID Type: UNKNOWN 35225
  - Source: CCN Type: BID-35225 Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
  - Source: SECTRACK Type: UNKNOWN 1022349
  - Source: CERT Type: US Government Resource TA09-160A
  - Source: VUPEN Type: UNKNOWN ADV-2009-1537
  - Source: MS Type: UNKNOWN MS09-018
  - Source: XF Type: UNKNOWN ms-windows-ad-ldap-dos(50761)
  - Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6253
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable