Vulnerability CVE-2010-0820 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0820 (CCN-60676)

Assigned:

2010-09-14

Published:

2010-09-14

Updated:

2019-02-26

Summary:

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2010-0820

Source: CCN
Type: SA41419
Microsoft Windows LSASS Implementation Buffer Overflow Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Source: CCN
Type: Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

Source: CCN
Type: Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

Source: CCN
Type: Microsoft Security Bulletin MS15-096
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-081
Security Update for Active Directory (3160352)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS10-068
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Source: CCN
Type: Microsoft Security Bulletin MS11-005
Vulnerability in Active Directory Could Allow Denial of Service (2478953)

Source: CCN
Type: Microsoft Security Bulletin MS11-086
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Source: CCN
Type: BID-43037
Microsoft LSASS ADAM/ADLDS Privilege Escalation Vulnerability

Source: MS
Type: UNKNOWN
MS10-068

Source: XF
Type: UNKNOWN
ms-win-lsass-privilege-escalation(60676)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7120

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_7:-:-:*:*:ultimate_n:*:x64:*

OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*

AND

cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7120	V	LSASS Heap Overflow Vulnerability	2014-04-07